>>Adriel T. Desautels wrote:
>> In my experience it's not a very good idea to install an IDS on a
>> firewall device. Fact of the matter is an IDS device should have as
>> much processing power as you can give it to help reduce false positives
>> and false negatives (assuming heavy load and a good NIC). Increased
>> usage of the CPU from other services, such as firewalls, reduces the
>> amount of cycles that the IDS will have and as such reduces its
>> performance. Anyone else feel the same way?
>What you think makes sense. However, for a small business with an idle
>machine, it might be a good idea. Having a traffic sniffer that is not on
>increases the costs a lot. You need a separate machine, a tap or a
>switch with a mirror
IDS on a firewall is not NEW; take a look at the D-Link "DFL-200 and DFL-700"
or the Netgear "FVS ProSafe-VPN-Firewall" datasheet.
They have included an (N)IDS.
I think no firewall is secure alone without an IDS.