Building an IDS framework
Imagine that, as the security manager at XYZ Corporation, you are
responsible for managing the intrusion detection environment. If you
were given the ability to build the environment from scratch, would you
use network-based IDS, host-based IDS, or a combination? Why? How would
you structure your staff and organization to get the most out of your
investment? Are there any strengths of one over the other that you may
take into consideration? Which one is more expensive?