Network Security

Question 18

Given the company network from the exercises, where would one or more Snort IDS be positioned in the network, and how should they be put to use?

  1. between the router and the firewall - to see what's being attempted
  2. behind the firewall - to see if any attacks are actually entering the corporate network
  3. on each separate network segment - to see if any suspicious activity is taking place (see question 12 for examples)
  4. on each web-host - as HIDS to scan for the things that are hard or impossible to detect on the network