How Many Access Points Are There Between Your Network And The Extranets Or Internet; Where Are The Critical Servers That Require Protection Within Your Network; How Complex Is Your Network Topology - McAfee M-1250 - Network Security Platform Deployment Manual

McAfee® Network Security Platform 6.0 Planning Network Security Platform Installation
How many access points are there between your network
and the extranets or Internet?
Large corporations have several points of access that can be exploited by parties with
malicious intent. Protecting the various points of access to your network is the key to any
successful IDS installation. You're only as strong as your weakest link.
Intrusions coming in from the Internet are important to combat, but misuse and intrusions
attempted through the extranets or inside the corporate network are equally as critical to
defend against. In fact, research statistics show that insiders are the most common source
of attacks.
Where are the critical servers that require protection within
your network?
File servers containing financial, personnel, and other confidential information need
protection from those people wishing to exploit your critical information. These machines
are extremely appealing targets. And, as discussed in the previous section, insiders pose
a threat that must be addressed.
You should also consider whether you need different levels of security for different parts of
the organization. Assess how much of your sensitive material is on-line, where it is
located, and who has access to that material.

How complex is your network topology?

Asymmetrically routed networks are complex environments that require careful planning
and execution.
The following figure shows a network protected by the Sensor in tap operating mode.
Since both links are monitored by the same Sensor, the state machine remains in sync.
The Sensor can support an Active-Active configuration as long as the aggregate
bandwidth does not exceed the total processing capacity of the Sensor.
Furthermore, a Sensor can also monitor asymmetrically routed traffic where the traffic
comes in on one link and goes out another link, because the state machine on the Sensor
associates the inbound and outbound traffic efficiently. For more information on monitoring
asymmetrically routed traffic, see Interface groups (on page 24).
9