IDS question (for a noob)

Brian Densmore DensmoreB at ctbsonline.com
Fri Aug 29 18:26:33 CDT 2003


> From: Kurt 
...
> So anyway, I want to set up an IDS. 
... 
> Now that
> being said, where would you all place the thing? On
> the WAN line, picking up attempts? Or on the LAN line?
...
> And then there is this DMZ thing that I don't
> seem to fully understand. All I'm really trying to
> accomplish is some learning and maybe get a kick out
> of checking things. Do any of you have any suggestions
> as to the placement, and why? Appreciate it.
> 

I'd place it on the LAN side to start out with to
determine if my firewall is letting anything in it
shouldn't. Then I'd put it on the WAN side and see
if anyone is attempting to get in. And also so I
could try to break in. I haven't gotten
around to doing one of these yet.

A DMZ is *generally* a box sitting on the WAN side for
the purpose of allowing some traffic in (CMIIW), although
there are many possible configurations. So many in fact
that my generalized statement above is mostly useless.
A DMZ can be a production box for allowing some browsing
capability. It may also include a system designed
to record and report on break-in attempts. It may contain
totally bogus information about a company so that it looks
attractive to crackers to try to break into. Et cetera,
et cetera, et cetera.

 



