Jason Pufahl wrote:
> I am looking for a bit of practical advice.
>
> My school is implementing an IDS system and has purchased software, but can
> only deploy it on the inside or outside of our firewall due to licensing
> restrictions. I am trying to make a determination as to what side would be
> more helpful for me.
>
> I was initially thinking I should place it on the outside so that I could
> watch for any potential attacks, however I am now thinking that it may be
> more useful inside, as I am primarily concerned with what actually gets in.
> Placing it inside should also (hopefully) give me less to wade through since
> the firewall should stop the majority of intrusion attempts.
>
> I would find any suggestions helpful.
>
> Thanks,
> Jason
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> For Account Management (unsubscribe, get/change password, etc) Please go to:
> http://lists.gnac.net/mailman/listinfo/firewalls

In my experience with IDS's and FW's and systems I've reached a conclusion. It all depends on your resources (time, $$$, REM sleep, whatever...).

Outside, if you've got traffic, you will get false positives, true positives, lots of tuning, logs (lots of them), wakeup calls, reporting for just a bit of FUD (more money needed, more resources to face the *huge* amount of attacks detected ;) ), but after a while, you'll have a picture of your network traffic and, by then, you can go and tune routers, fw and load balancers.

After that, move the IDS to the inside and start all over again...

It's an endless nightmare.

--
"Civilization is only chaos taking a rest." Graham Hancok
