If you are going to look at it that way, you should run host-based IDS on the
servers you are protecting from your inside clients and run your IDS sensor
between your edge router and firewall to see what is happening outside.

Tim
CCIE 9015

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of sam sneed
Sent: Thursday, July 11, 2002 11:41 AM
To: [EMAIL PROTECTED]
Subject: Re: Placement of IDS [7:48420]


I wouldn't want to put it in both places. If I did, I'd have to deal with
false positives twice. With all the other responsibilities I have, it would
take up too much of my time. I do trust my firewall, so I think I'll keep it
inside.


"Brad Nixon" wrote in message news:[EMAIL PROTECTED]...
> The easy answer to your question is "It depends". Do you trust your
> firewall? Do you trust your internal users? The best solution would be to
> have an IDS on each side of your firewall. That way you could detect both
> external and internal threats.
>
> --
> Brad A. Nixon
> CCNP, CCDA, MCP, CCSA
> "Nothing is fool proof to a sufficiently talented fool."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48601&t=48420