Where to put an IDS -- inside or outside of the firewall

We are in the process of implementing an intrusion-detection system. I have heard two different things: Place the...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

ID box outside of the firewall, and place the box inside of the firewall. Where is the best place to locate our network IDS? We don't plan on having any host IDs for now.

I'll answer your question with a question: Do you want to know who is knocking on your door (computers connecting from the Internet)? Or do you only want to see those that are allowed access?

If you prefer the first than outside, otherwise inside.

I typically tell people to place the IDS outside the firewall, and see if they can manage the traffic. This is good, for it allows you to see everyone trying and allowed to connect. Intrusion is typically detected when malicious activity is detected outside and it gets a response from inside. Most time malicious activity will hit the outside, but should never receive a response from inside your protected network.

Hope that helps. Give it a try. You can always move it inside. Also, most times I will tell clients to install SNORT or some other IDS along with the primary vendor to ensure you are in fact picking up everything.

Intrusion-detection systems
Recommendations for deploying an intrusion-detection system
Infrastructure & Network Security
The placement of security solutions on a network

For more information on this topic, visit these other SearchSecurity.com resources: Featured Topic: Executive Security Briefing: Best Web Links: Ask the Expert:

This was last published in March 2002

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

SearchCloudSecurity

intrusion detection system (IDS)

Network intrusion detection systems ID threats

Enterprise data security best practices mean IT teamwork

Evaluating enterprise intrusion detection system vendors

Please create a username to comment.

How enterprise cloud VPN protects complex IT environments

CASB, CSPM, CWPP emerge as future of cloud security

Prevent cloud account hijacking with 3 key strategies

Juniper's 128 acquisition needed to improve SD-WAN

The basics of zero-trust network access explained

Enterprise 5G: Guide to planning, architecture and benefits

Is your company's IT governance strategy cloud ready?

Government action on big tech monopoly power moving quickly

Quantum computing challenges and opportunities

A complete guide to troubleshooting Windows Hello

Comparing Jamf vs. Fleetsmith for macOS management

Mac users key in defending against Apple T2 chip flaw

Compare Google Cloud Deployment Manager vs. Terraform on GCP

Explore the tools for disaster recovery on AWS, Azure and GCP

Cloud performance testing is necessary for app migration

NSA’s top CVE list a timely reminder to patch

5G drives Ericsson in third quarter

From compliance to open banking to embedded finance – all thanks to APIs

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

intrusion detection system (IDS)

Network intrusion detection systems ID threats

Enterprise data security best practices mean IT teamwork

Evaluating enterprise intrusion detection system vendors

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.