IDS placement
am 24.11.2006 00:40:16 von mkazmierski
Hello,
I have just wondering about the opinion of the security experts.
Imagine that you have two netwoks which both you would like to protect
using IDS hadrware tools. What would be the rules you use just to
decide in which network you use advanced IDS stuff and in which
free-snort'like soft. I am interesed with a short ideas with short
explanation. For example my friends say something about number of host
in each network, the traffic generated outside the network, etc. I just
want to know what other thigs I could consider.
Thank you, mark
Re: IDS placement
am 24.11.2006 01:00:32 von flamer
mark wrote:
> Hello,
>
> I have just wondering about the opinion of the security experts.
> Imagine that you have two netwoks which both you would like to protect
> using IDS hadrware tools. What would be the rules you use just to
> decide in which network you use advanced IDS stuff and in which
> free-snort'like soft. I am interesed with a short ideas with short
> explanation. For example my friends say something about number of host
> in each network, the traffic generated outside the network, etc. I just
> want to know what other thigs I could consider.
>
> Thank you, mark
ids solutions should be placed where most of th etraffic in your
network traverse, ie: the core switch, you can run it as a stub, so one
link off a switch port configure as a span. if you have two core
switches you can chuck it inline between the two which also provides
ips (blocks the traffic aswell) just make sure it can handle the
throughput. i would recommend a box in each network, and like i say
have a span port at the core switch.
Flamer.
Re: IDS placement
am 28.11.2006 12:29:47 von news
The rules work as a group if your internal networks have diferent routing.
Otherwise you can have users authenticate to the firewall and rules are
placed by groups. This depends on the firewall, but most worth their salt
will allow grouping of users normally using LDAP.
wrote in message
news:1164326432.683827.101150@l39g2000cwd.googlegroups.com.. .
>
> mark wrote:
>> Hello,
>>
>> I have just wondering about the opinion of the security experts.
>> Imagine that you have two netwoks which both you would like to protect
>> using IDS hadrware tools. What would be the rules you use just to
>> decide in which network you use advanced IDS stuff and in which
>> free-snort'like soft. I am interesed with a short ideas with short
>> explanation. For example my friends say something about number of host
>> in each network, the traffic generated outside the network, etc. I just
>> want to know what other thigs I could consider.
>>
>> Thank you, mark
>
> ids solutions should be placed where most of th etraffic in your
> network traverse, ie: the core switch, you can run it as a stub, so one
> link off a switch port configure as a span. if you have two core
> switches you can chuck it inline between the two which also provides
> ips (blocks the traffic aswell) just make sure it can handle the
> throughput. i would recommend a box in each network, and like i say
> have a span port at the core switch.
>
> Flamer.
>