Solved: Re: IDS place

wdong · ‎04-03-2003

Where is the best place of IDS? outside firewall or inside firewall?

travis-dennis_2 · ‎04-04-2003

It depends on what you want to accomplish. If you want to see most every attack that is coming at you then you would put the IDS in front of the firewall. You will also be getting alot more information to manage but you can see who is trying what and how often. If you only want to try and catch anyone who gets past the firewall then put it behind the firewall. You get much less information to manage this way and you still can issues shuns to the firewall but unless you are monitoring your firewall very closely you will not see every attack or recon since the firewall shuold be catching and dropping most of that traffic.

View solution in original post

travis-dennis_2 · ‎04-04-2003

It depends on what you want to accomplish. If you want to see most every attack that is coming at you then you would put the IDS in front of the firewall. You will also be getting alot more information to manage but you can see who is trying what and how often. If you only want to try and catch anyone who gets past the firewall then put it behind the firewall. You get much less information to manage this way and you still can issues shuns to the firewall but unless you are monitoring your firewall very closely you will not see every attack or recon since the firewall shuold be catching and dropping most of that traffic.

wdong · ‎04-06-2003

Thanks!