
SNHU - IT-340 Network and Telecommunication Management
Written by: Chris Bell - October, 2013

Intrusion Detection System Within a Network

An intrusion detection system (IDS) is installed within a network to notify the administrator of any malicious activity. A company could sign up with Snort, which is an open source provider, or go through Alien Vault, in which case it must pay for the service. In the past few years open source providers have been competing with commercial providers, and the debate as to which is superior still goes on. Opinions sway both ways when it comes to Windows vs. Linux or Google Docs vs. Microsoft Office. Since open source software is free, the debate will go on for a long time, but there are main factors to consider with both types of software before automatically choosing the one that's free.

Snort (www.snort.org) offers the open source version of an intrusion detection system. Instead of you downloading software onto your desktop, your network will be "watched" from the Internet. A great benefit is that you'll get updates immediately. When you download software onto your desktop, you download the most recent version, and your computer only has access to that version until you download the latest revision. Instead, Snort is handled over the Internet, which means you get updates as soon as they happen. Another benefit of using Snort's open source IDS is that it's completely free! However, the main disadvantage is that there isn't a direct support group to call when you have problems. Since you're not buying a product, they do not have a customer service team to help you with every problem that comes up.

If you prefer to have a customer service team at your fingertips, you might want to consider paying Alien Vault to install their software into your network. It's very expensive, but when a company manufactures and distributes a product they tend to stand by that product with customer service and support. They will work with you to install it in the way that best fits your needs and will always be there for you when something goes wrong. When using open source IDSs, you will have to complete a lot of the work on your own or hire an outside consultant to help you.

If you're savvy with computers and software, you could most definitely consider using Snort's open source IDS for free. On the other hand, if you're a business owner who needs to keep your eye on the ball, I would recommend paying for the service so that they can install it and service it while you keep the business running. There is no right answer as to which IDS is superior; it comes down to your own preferences and budget. If you're on a budget but you still want the commercial IDS, you might save some money by hiring an outside consultant. You can use the consultant to set up your network and keep their phone number handy for when you need help troubleshooting.

[Figure: Company Infrastructure Diagram]
