Firewall Wizards mailing list archives

Re: IDS collection in the DMZ, or in the dirty segment?


From: stranded lemming <tyme () dreams res cmu edu>
Date: Fri, 29 Jan 1999 03:58:50 -0500 (EST)

On Thu, 28 Jan 1999, John Kozubik wrote:

I have yet to read someone post the idea that you CAN install more 
than one IDS in your network.
I have yet to see any hard case for not putting an IDS in the DMZ, 
Service Network, Extranet or Internal network.  The biggest drawback to
this is capital.  

This isn't exactly the same thing, since only one central [group of]
computer[s] actually processes the data, but CMU used at least 17 HP
LanProbes in 1996 on various subnets.  From what I understand
packets are just collected and forwarded to some analysis station.  
Packets could still be treated differently depending on where they come
from, however.


Justin


