Snort mailing list archives
Re: IDS Placement ideas for inside and outside a firewall.
From: "David Glosser" <david_glosser () yahoo com>
Date: Thu, 3 Apr 2003 02:09:45 -0500
MessageIf you've never set up any IDS before, I'm not sure you would want to place it outside your firewall immediately You'lll get overwhelmed with probes,scans, script kiddies etc. First place the box (with the "snorting" NIC unnumbered). On the port monitoring the *internal* interface of your firewall. Let it work on all of the stuff your firewall lets through. Once you have that under control, then place another box (or another NIC on the same box) to monitor your internal servers (since breakins can come from internal users). Once you have these two under control, then you can worry monitoring stuff outside the firewall, which I believe is called *attack detection*. But do you care that much about the stuff your firewall is successfully blocking? --snip- I am trying to convince my company to implement IDS on our network but I have a few questions. I know I would want one on both sides of the firewall,
Current thread:
- IDS Placement ideas for inside and outside a firewall. Brei, Matt (Apr 02)
- <Possible follow-ups>
- RE: IDS Placement ideas for inside and outside a firewall. Brei, Matt (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall. Drew Stockman (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall. Brei, Matt (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall. Brei, Matt (Apr 02)
- Re: IDS Placement ideas for inside and outside a firewall. David Glosser (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall. Brian Laing (Apr 03)
- Re: IDS Placement ideas for inside and outside a firewall. David Glosser (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall. Brei, Matt (Apr 03)
- RE: IDS Placement ideas for inside and outside a firewall. Brian Laing (Apr 03)
- Re: IDS Placement ideas for inside and outside a firewall. David Glosser (Apr 03)