Network Security

Question 12

Would you suggest IDS and IPS in an enterprise Intranet?
Why/why not?

We'll suggest it. Snort can be of help detecting and mitigating in at least the following cases

  • One security risk often overlooked is the internal hacker / industrial spy. Snort can help in detecting anormalous traffic pointing to activities of this kind
  • Detecting the deployment of un-authorized wireless access-points and modems
  • Detecting and confining computers that have been compromised by viruses and trojans
  • Detecting mobile computers