"Pellowski, Tom" wrote:
>
> Greetings:
>
> I have this question that I would like the community to give me their .02
> worth.
>
> In an arena running Checkpoint (whatever flavor) is it really worth the
> time, expense, and possible network performance compromises to put a
> separate intrusion detection appliance online in front of the firewall?
>
If I had an unlimited budget, I would put a sensor both inside and
outside of the firewall. There is no degradation in performance
associated with an IDS, since it is really just a snazzy sniffer.
With a limited budget, I would place the sensor _inside_ the firewall,
not outside. I care more about what makes it past my door than who is
knocking on it.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
