IDS should be placed in all three + servers/host agents. In front of firewall to detect external attempts Behind firewall to detect internal attempts and successful external attacks (useful to compare info from Ext + int sensors) In DMZ to monitor activity to mailer/FTP/web whatever.
Hope this helps. Ben. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 29 October 2001 09:01 To: [EMAIL PROTECTED] Subject: IDS White Papers/Documents Hi all, Any help with the following greatly appreciated! Can anyone point me in the right direction for good white papers/documents on deciding where to locate an IDS on a network? The background to this is that I want to implement an IDS on a network which has an incoming/outgoing Internet connection for all users. There is currently a firewall protecting this connection, but I want to know whether I should locate the IDS in front of or behind the firewall? Should the IDS be placed in a DMZ or not? (As you can tell, I am new to all this!) Regards, Mark. _______________________________________________________________________ Never pay another Internet phone bill! Freeserve AnyTime, for all the Internet access you want, day and night, only £12.99 per month. Sign-up at http://www.freeserve.com/time/anytime This is an email from Card Protection Plan Limited; company registration number 01490503; registered office Holgate Park, York, YO26 4GA; telephone 01904 544500. This message may contain information that is confidential. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and either return or destroy the original message. Card Protection Plan Limited accept no responsibility for any changes made to this message after it has been sent by the original author.