I was contemplating on where I should put my IDS. I have a simple network with only one Internet connection to my ISP. It is firewalled with an internal network that does not allow any incoming connections via firewall and a DMZ which has web, DNS, and email server. My question is should I put the IDS behind or in front of my firewall? What are most of you doing? I realize if it is behinf the FW I will not be able to detect a lot of possible security breaches, such as users trying to rsh or telnet into my servers since this is blocked by FW. Should I care that people are trying to get in or attack if the firewall is already blocking it? The IDS could easily handle the traffic since its only at the 1MB-2MB range.
sam sneed Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48420&t=48420 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
