IDS placement


I have just been wondering about the opinion of the security experts. Imagine that you have two networks, both of which you would like to protect using IDS hardware tools. What rules would you use to decide in which network you deploy the advanced IDS equipment and in which the free, Snort-like software? I am interested in short ideas with a short explanation. For example, my friends say something about the number of hosts in each network, the traffic generated outside the network, etc. I just want to know what other things I could consider.

Thank you, mark

IDS solutions should be placed where most of the traffic in your network traverses, i.e. the core switch. You can run it as a stub, so one link off a switch port configured as a SPAN. If you have two core switches you can chuck it inline between the two, which also provides IPS (blocks the traffic as well); just make sure it can handle the throughput. I would recommend a box in each network, and like I say, have a SPAN port at the core switch.
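As an added illustration of the SPAN-port placement described in the answer above (not part of the original post), here is a Cisco IOS monitor session that mirrors an uplink and a server VLAN to the port where the sensor is attached. Interface names and VLAN number are assumed; the inline IPS option mentioned in the answer needs no switch configuration, only the sensor cabled between the two core switches.

```cisco
! Added example, not the original poster's configuration.
! Assumed: Gi1/0/1 is the uplink to the firewall/router, VLAN 10 holds
! the servers, and Gi1/0/24 is the port the IDS sensor is plugged into.
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 source vlan 10 both
monitor session 1 destination interface GigabitEthernet1/0/24
!
! Capacity caveat from the answer ("make sure it can handle the
! throughput"): mirroring "both" directions of a 1 Gbit/s uplink can
! produce up to 2 Gbit/s of copied traffic, so a 1 Gbit/s destination
! port will drop frames and the sensor will miss packets. Mirror only
! "rx" on the uplink, or use a 10G destination, if the link runs hot.
!
! Verify the session is active and which sources/destination it uses:
! show monitor session 1
```

On a SPAN-fed sensor, dropped mirror frames show up as incomplete TCP streams in the IDS, so check the destination port's output drop counters (`show interfaces GigabitEthernet1/0/24`) after deployment.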


The rules work as a group if your internal networks have different routing. Otherwise you can have users authenticate to the firewall and rules are placed by groups. This depends on the firewall, but most worth their salt will allow grouping of users, normally using LDAP.

