My company recently tested and acquired a network-based intrusion-detection system (IDS). Over the past few months, I've received many e-mails from readers asking me to explain the performance-testing methodology I used, so I've decided to share how I tested our network-based IDS. (A network-based IDS server watches traffic destined for all host systems on a subnet, while a host-based IDS typically runs on each host system to be protected.)
Performance is only one possible criterion for choosing an IDS. Depending on your and your staff's level of expertise and the resources available, your requirements and testing criteria may differ from mine. You might focus on ease of use, strong reporting, ease of creating new attack signatures, or price.
The link to this article at Computer World is no longer available.