|
placing the IDS sensor between the external router and the firewall, the sensor can monitor
all network traffic going to and coming from the Internet.
Furthermore, because the router can filter all incoming traffic from the Internet, the IDS
sensor can be tuned to ignore certain types of attacks, thereby allowing the sensor to operate
with maximum efficiency.
DMZ
ID
Intranet
Internet
Web Network based
Server ID sensor
Figure 1 - Deploying 1 ID system
Scenario 2
In the case where only two sensors of any type can be acquired and maintained, then they
should be network sensors. Like the previous scenario, one of the sensors should be placed
in the DMZ, between the external router and the firewall. The second sensor should then be
placed between firewall and the intranet, as shown in Figure 2. The second sensor can
indicate what attack breached the firewall. By strategic placement of these two sensors, all
access points from the Internet will be monitored.
Next topic
Previous topic