IDS mailing list archives

IDS deployment outside FW?


From: "Chris Conacher" <chris_conacher () hotmail com>
Date: Mon, 09 Aug 2004 19:33:27 +0000

Dear List

I have moved into an organization that has two RealSecure Network Sensors and a network architecture that is VLANd/DMZd to where localized deployment to capture traffic would require 8 to 12 sensors to avoid bridging loops.

The cheapest/simplest option (without deploying SNORT/Prelude, etc - the organization wants to remain on a single application architecture where possible) is to place the two sensors outside of the firewall.

I understand that this means:
- The sensors will be in hostile territory and need to be maintained to a very high degree
- There will be an operations overhead of dealing with all of the noise that would normally be filtered by a firewall

Does anyone have experience of doing this?
Are there any other issues that I have not considered?

Chris
