RE: Placement of IDS [7:48420]

g outside. Tim CCIE 9015 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of sam sneed Sent: Thursday, July 11, 2002 11:41 AM To: [EMAIL PROTECTED] Subject: Re: Placement of IDS [7:48420] I wouldn't want to put it in both places. If I did I'd have to d

RE: Placement of IDS [7:48420]

] [mailto:[EMAIL PROTECTED]]On Behalf Of sam sneed Sent: Thursday, July 11, 2002 11:41 AM To: [EMAIL PROTECTED] Subject: Re: Placement of IDS [7:48420] I wouldn't want to put it in both places. If I did I'd have to deal with false positives twice. With all the other responsibilities I have it

Re: Placement of IDS [7:48420]

I wouldn't want to put it in both places. If I did I'd have to deal with false positives twice. With all the other responsibilities I have it would take up too much of my time. I do trust my firewall so I think I'll keep it inside. ""Brad Nixon"" wrote in message [EMAIL PROTECTED]">news:[EMAIL

Re: Placement of IDS [7:48420]

The easy answer to your question is "It depends". Do you trust your firewall? Do you trust your internal users? The best solution would be to have an IDS on each side of your firewall. That way you could detect both external and internal threats. -- Brad A. Nixon CCNP, CCDA, MCP, CCSA "Nothing is

RE: Placement of IDS [7:48420]

Most security breaches are by employees. With that out of the way, I would place the IDS engine in front of the firewall to catch attacks against devices in the DMZ. In a small trusting environment, your employees are probably not your biggest threat. -Original Message- From: sam sneed

Re: Placement of IDS [7:48420]

My preference is to keep IDS on the inside of the firewall. The stuff blocked by the firewall will be in the firewall logs (well, maybe). IDS can be very annoying, so much that you ignore it. I'd say that's my $0.02, but after taxes, it's not even worth that. :-) >>> "sam sneed" 07/09/02 11: