[Dshield] Question for all

LJD ljdsec at yahoo.co.in
Sun Feb 8 05:54:24 GMT 2004


Hi !
 
I would present you with the following data to take a call:
 
1) IDS inside the FW - gives you the advantage of more manageable logs to go through, as blocked ports, IPs would already be filtered out; however...
 
2) IDS outside the FW would give you a more accurate account of the types of attacks that are being launched against your network, and hence will provide you with a heads up to modifying any of your FW policies.
 
Regards,
LJD.
 


"Witt, Allen" <DAVID.A.WITT at saic.com> wrote:
My preference would be to have a network-based IDS located inside the
firewall (details hostile activity that gets through the firewall), and an
IDS for each subnet used for public or business partner access (aka DMZs).
You should also consider implementing host-based IDS systems on those hosts
that are high value/mission critical, as well as those that communicate with
encrypted protocols.

my .02

Allen Witt, Network Security Administrator
SAIC
865-425-5199


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Rick Sroka
Sent: Tuesday, February 03, 2004 2:12 PM
To: list at dshield.org
Subject: [Dshield] Question for all


Would you have an IDS on the outside of the firewall or inside after the
firewall?

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
