I'm going to install RealSecure in our DMZ network, and I was contemplating whether
or not the IDS should be sitting outside or behind our firewall. My objective is to
monitor traffic targeting our web servers. Does anyone have any insights on the pros
and cons as to where the IDS should be placed on the network?
I'm getting ready to install the RealSecure console and engine. Does it matter if I
do that first, then set up the machines in promiscuous mode or should I set up the
machine so that it is dual-homed and then install the console and engine software?
Also, does anyone know of any known vulnerabilities that should be fixed before I
place the IDS in a production environment? If I place the machine outside our
firewall should certain ports be disabled? Do certain ports also need to be disabled if
the RealSecure box is sitting behind our firewall?
Sorry for the long list of questions, but any help would be appreciated.
Thanks,
Mark