I quoted this from the Cisco Press book, Cisco Secure Intrusion Detection System.

Sensor placement based on network functions

- Perimeter protection, refers to the link between your network and the Internet.
- Extranet connections, connections to your business partners.
- Intranet connections, between separate network segments within your network.
- Remote access server connections, your dial-up access server.

I would suggest putting your single IDS sensor just behind your Internet access router. This will monitor intrusions from the Internet and protect your whole inside network. You can also configure the IDS to shun offending hosts by configuring the Internet access router's access list. But the shortcoming is that the sensor won't be able to see intrusions generated from your inside network, if there are any.

The problem with putting the sensor in the inside network is: where will you put it, and to protect what? It is hard for one sensor to monitor several links due to the bandwidth limitation.

Hope this helps.

Fei.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
