Exam CISA
Question 707

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

    Correct Answer: D

    When the firewall itself fails to recognize a number of attack attempts, the IDS should be placed between the firewall and the organization's internal network. In that position it inspects only the traffic the firewall has already permitted, so every alert it raises corresponds to an attack that actually got past the firewall, which is exactly what the audit finding is about. An IDS placed in front of the firewall would also alert on attempts that the firewall drops anyway, which adds noise without telling the organization what reached its systems. Positioned behind the firewall, the IDS adds a second, independent layer of detection for malicious activity the firewall cannot identify and gives the organization a chance to respond to it.
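The placement argument above can be made concrete with a small simulation. This is an added example, not code from the original page or from ISACA: it models the firewall as a stateless port/protocol filter that cannot inspect payloads (the "unable to recognize attack attempts" situation in the question) and the IDS as a payload signature matcher, then runs the same constructed packets through an IDS placed in front of the firewall and one placed behind it. The packets, allow rules, signatures, IP addresses and function names are all assumptions made for the illustration.

```python
"""Toy model of IDS placement relative to a packet-filtering firewall.

Added example, not part of the original page. The firewall is a port/protocol
filter with no payload inspection; the IDS matches payload signatures. All
rules, signatures and packets below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    proto: str
    payload: str


# Constructed firewall policy: only HTTP, HTTPS and DNS are allowed inbound.
ALLOW_RULES = {("tcp", 80), ("tcp", 443), ("udp", 53)}


def firewall_allows(pkt: Packet) -> bool:
    """The firewall decides on (protocol, port) only; it never sees the payload."""
    return (pkt.proto, pkt.dport) in ALLOW_RULES


# Constructed IDS signatures: simple substring matches on the payload.
SIGNATURES = {
    "sqli": "' OR 1=1",
    "path_traversal": "../../",
    "cmd_injection": ";cat /etc/passwd",
}


def ids_alerts(pkt: Packet) -> list:
    """Signature names that fire on this packet's payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in pkt.payload]


def run(packets):
    """Run packets through both IDS positions.

    Returns (front_alerts, behind_alerts, delivered):
      front_alerts  - alerts from an IDS between the Internet and the firewall
      behind_alerts - alerts from an IDS between the firewall and the LAN
      delivered     - packets the firewall let through to the internal network
    """
    front, behind, delivered = [], [], []
    for pkt in packets:
        # The front IDS sees every packet, dropped or not.
        for name in ids_alerts(pkt):
            front.append((pkt.src, pkt.dport, name))
        if firewall_allows(pkt):
            delivered.append(pkt)
            # The behind IDS sees only what the firewall permitted.
            for name in ids_alerts(pkt):
                behind.append((pkt.src, pkt.dport, name))
    return front, behind, delivered


def noise_alerts(packets):
    """Alerts the front IDS raises on traffic the firewall already dropped."""
    front, behind, _ = run(packets)
    return sorted(set(front) - set(behind))


# Constructed sample traffic (documentation-range IPs).
SAMPLE_PACKETS = [
    Packet("203.0.113.10", 80, "tcp", "GET /index.html HTTP/1.1"),          # benign
    Packet("198.51.100.7", 80, "tcp",
           "GET /login?user=admin' OR 1=1-- HTTP/1.1"),                      # SQLi, allowed port
    Packet("198.51.100.7", 23, "tcp", "admin;cat /etc/passwd"),              # telnet, dropped
    Packet("203.0.113.55", 8080, "tcp", "GET /../../etc/shadow HTTP/1.1"),   # traversal, dropped
]


if __name__ == "__main__":
    front, behind, delivered = run(SAMPLE_PACKETS)
    print("IDS in front of firewall alerts:", front)
    print("IDS behind firewall alerts:     ", behind)
    print("Packets reaching the LAN:       ", len(delivered))
    print("Alerts on already-dropped traffic:", noise_alerts(SAMPLE_PACKETS))
```

Running it, the IDS behind the firewall reports exactly one event, the SQL injection on port 80, which is the one attack the port filter could not recognize and which actually reached the internal network. The IDS in front of the firewall reports that event plus two more for packets the firewall dropped anyway; those extra alerts say nothing about what got in, which is why the behind-the-firewall position answers the audit finding.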

Discussion
shiowbah (Option: B)

B. the demilitarized zone (DMZ).

RS66 (Option: D)

If you place the IDS as the first line of defense, it will be overloaded with traffic. Use the firewall to filter incoming traffic, then use the IDS to identify intrusions. The answer is D.

Swallows (Option: B)

Placing the IDS between the firewall and the Internet (option C) may be effective in monitoring incoming traffic from external sources, but it wouldn't provide visibility into traffic passing through the firewall and potentially targeting the DMZ. Similarly, placing the IDS between the firewall and the organization's network (option D) would focus on internal traffic but wouldn't specifically address threats targeting the DMZ. Therefore, placing the IDS between the firewall and the DMZ is the best recommendation for enhancing security and detecting attacks targeting the organization's public-facing servers.

3008 (Option: D)

Attack attempts that could not be recognized by the firewall will be detected if a network-based intrusion detection system is placed between the firewall and the organization's network. A network-based intrusion detection system placed between the Internet and the firewall will detect attack attempts, whether or not they enter the firewall.

[Removed] (Option: C)

If a network-based IDS is placed between the Internet and the firewall, it will detect all the attack attempts, whether or not they enter the firewall. If the IDS is placed between a firewall and the corporate network, it will detect those attacks that enter the firewall (it will detect intruders).

[Removed]

Correction: D is the correct answer. Since the firewall is unable to recognize the attack attempts, the IDS should be placed between the firewall and the organization's network so as to alert the organization about such threats. Placing the IDS between the Internet and the firewall in this case will lead to attack attempts being recognized by the IDS but allowed by the firewall.