IDS mailing list archives
IDS deployment outside FW?
From: "Chris Conacher" <chris_conacher () hotmail com>
Date: Mon, 09 Aug 2004 19:33:27 +0000
Dear ListI have moved into an organization that has two RealSecure Network Sensors and a network architecture that is VLANd/DMZd to where localized deployment to capture traffic would require 8 to 12 sensors to avoid bridging loops.
The cheapest/simplest option (without deploying SNORT/Prelude, etc - the organization wants to remain on a single application architecture where possible) is to place the two sensors outside of the firewall.
I understand that this means:The sensors will be in hostile territory and need to be maintained to a very high degree There will be an operations overhead of dealing with all of the noise that would normally be filtered by a firewall
Does anyone have experience of doing this? Are there any other issues that I have not considered? Chris _________________________________________________________________It's fast, it's easy and it's free. Get MSN Messenger today! http://www.msn.co.uk/messenger
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IDS deployment outside FW? Chris Conacher (Aug 09)
- Re: IDS deployment outside FW? Dr Bit Bucket (Aug 10)
- <Possible follow-ups>
- Re: IDS deployment outside FW? templeofprs (Aug 10)
- Re: IDS deployment outside FW? Mike Poor (Aug 11)
- Re: IDS deployment outside FW? Frank Knobbe (Aug 11)
- Re: IDS deployment outside FW? Mike Poor (Aug 11)