Given the company network from the exercises, where would one or more Snort IDSs be positioned in the network, and how should they be put to use?
- between the router and the firewall - to see what's being attempted
- behind the firewall - to see if any attacks are actually entering the corporate network
- on each separate network segment - to see if any suspicious activity is taking place (see question 12 for examples)
- on each web host - as a HIDS, to scan for the things that are hard or impossible to detect on the network