What is the difference between open-source IDS (Snort) and a paid IDS (hardware IDS)?
IDS systems can be gathered into a couple of broad categories as to how they function. These usually fall along the lines of how the specific system detects violations. Therefore they may detect errors by looking at a deviation from normal activity or by means of a signature. Snort is a signature based IDS. Snort requires that you setup specific signatures that it is to alert you to should they be detected. Snort is also an open source product. The question as to what is better, open source or paid is open for debate. It's much like saying you would you prefer running an open source OS like Linux or commercial one like Windows. A commercial IDS will most likely offer you a support and maintenance should things go wrong or you need help. While you may not get that with Snort you do have access to a large user base that runs the application and are ready and willing to help. Many people are more comfortable with a commercial tool, while others simply don't have the resources or capital to afford a commercial IDS. Commercial IDS systems may have you wait for update, while open source solutions can be updated at any time. Regardless of what IDS you choose to install plan to spend a week or more setting it up and configuring it. After all that's the real task here is having it configured in such a way as to detect bad behavior and ignore non-problems.
This was last published in August 2006
Dig Deeper on Network Security Best Practices and Products
Enterprise security expert, Michael Gregg answers a question regarding port 3389 issues when a user tries to open port 3389 RDP on their router to ...
Continue Reading
Security expert Michael Gregg discusses the disadvantages to a layered approach to enterprise security.
Continue Reading
Learn how to change your security settings to allow ActiveX in Internet Explorer 6 or later, from our enterprise security expert Michael Gregg.
Continue Reading