Placement of IDS [7:48420]

2002-07-09 Thread sam sneed
I was contemplating on where I should put my IDS. I have a simple network with only one Internet connection to my ISP. It is firewalled with an internal network that does not allow any incoming connections via firewall and a DMZ which has web, DNS, and email server. My question is should I put the

Re: Placement of IDS [7:48420]

2002-07-09 Thread Ken Diliberto
My preference is to keep IDS on the inside of the firewall. The stuff blocked by the firewall will be in the firewall logs (well, maybe). IDS can be very annoying, so much that you ignore it. I'd say that's my $0.02, but after taxes, it's not even worth that. :-) >>> "sam sneed" 07/09/02 11:

RE: Placement of IDS [7:48420]

2002-07-09 Thread Jim Brown
[mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 12:20 PM To: [EMAIL PROTECTED] Subject: Placement of IDS [7:48420] I was contemplating on where I should put my IDS. I have a simple network with only one Internet connection to my ISP. It is firewalled with an internal network that does

Re: Placement of IDS [7:48420]

2002-07-11 Thread Brad Nixon
The easy answer to your question is "It depends". Do you trust your firewall? Do you trust your internal users? The best solution would be to have an IDS on each side of your firewall. That way you could detect both external and internal threats. -- Brad A. Nixon CCNP, CCDA, MCP, CCSA "Nothing is

Re: Placement of IDS [7:48420]

2002-07-11 Thread sam sneed
I wouldn't want to put it in both places. If I did I'd have to deal with false positives twice. With all the other responsibilities I have it would take up too much of my time. I do trust my firewall so I think I'll keep it inside. "Brad Nixon" wrote in message news:[EMAIL

RE: Placement of IDS [7:48420]

2002-07-11 Thread Tim O'Brien
] [mailto:[EMAIL PROTECTED]]On Behalf Of sam sneed Sent: Thursday, July 11, 2002 11:41 AM To: [EMAIL PROTECTED] Subject: Re: Placement of IDS [7:48420] I wouldn't want to put it in both places. If I did I'd have to deal with false positives twice. With all the other responsibilities I have it

RE: Placement of IDS [7:48420]

2002-07-11 Thread Ken Diliberto
g outside. Tim CCIE 9015 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of sam sneed Sent: Thursday, July 11, 2002 11:41 AM To: [EMAIL PROTECTED] Subject: Re: Placement of IDS [7:48420] I wouldn't want to put it in both places. If I did I'd have to d