You appear to have three threads on more-or-less the same subject (being new to HIDS and wanting to know roughly what/where/how to apply a HIDS). One of those has been commented by a mod for closing for a little time, although it doesn't seem to be actually closed off.
You will have gathered by now that by cross-posting, you reduce your chances of getting an answer, because people see the multiple threads and wait until some get closed off before deciding which it will be constructive to answer. All that said, let's see whether we can tease out what you are actually asking, so that someone can help (not me, I suspect).
The implication seems to be that you have more than one server (box), and you want someone to choose from that list, or give you information that points you in the direction of which one to select. If this is true, you really want to disclose the list, or this won't happen.
Quote:
I know that answer can be any.
All right, then I'll say 'any'. It is the easiest way out for me, and you've said that it is a possible answer... I don't really know what I am answering though, so that could easily be a stupid answer.
Presumably, you are going into this because you think there is a threat or there are threats. Can you put the HIDS (or HIDSES?) as close to the threat, or threats, as possible?
What else is there in your system - you may have, e.g., a web server, and although it is behind, e.g., a firewall or maybe other networking apparatus, you know that you cannot stop access to that server, so there is a threat local to the web server. You probably need to be a lot more explicit about the system, because everything above is based on guesswork, and that isn't a good basis on which to work.
Note also that this will give your thread (well, this instance, anyway) a 'bump' and if you add some more useful detail, this may get the thread some more attention.