Snort mailing list archives

RE: IDS Placement ideas for inside and outside a firewall.


From: "Brei, Matt" <mbrei () medclaiminc com>
Date: Wed, 2 Apr 2003 15:55:08 -0500

That's what I was thinking.  I just wanted to make sure.

 

-----Original Message-----
From: Drew Stockman [mailto:Drew.Stockman () cibmis com] 
Sent: Wednesday, April 02, 2003 3:50 PM
To: Brei, Matt; snort-users () lists sourceforge net
Subject: RE: [Snort-users] IDS Placement ideas for inside and outside a firewall.

 

We have a "dirty" hub in between the routers and firewalls.  It lets us
have the IDS, and if we ever need to sniff traffic for troubleshooting
purposes, we just plug into the hub.

 

Drew Stockman 
Security Analyst 
CIBMIS 

        -----Original Message-----
        From: Brei, Matt [mailto:mbrei () medclaiminc com]
        Sent: Wednesday, April 02, 2003 1:43 PM
        To: snort-users () lists sourceforge net
        Subject: [Snort-users] IDS Placement ideas for inside and outside a firewall.

        Hi everyone.  I am trying to convince my company to implement
        IDS on our network but I have a few questions.  I know I would want one
        on both sides of the firewall, but on a switched network, how would I
        force traffic to go through Snort before it reached its destination?
        Also, the way it's set up now, the Cisco 1751 router goes right into the
        Cisco PIX 501 firewall and from there into a switch.  How would I place
        an IDS between the firewall and switch?

