Absolutely! I tended to invest heavily in NIDS as there were a fair number of servers not directly controlled by me. (And I was pretty sure the ones I did control were reasonably securely configured). Hence the need to do monitoring with a system I did control - snort usually. If you do own the box, HIDS is a great idea.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1871/670#670