Network-based intrusion detection captures traffic and performs analyses to identify notable events. If placed at the front-end IT perimeter, the properly configured network-based IDS will detect all externally initiated attack attempts, even where the firewall subsequently permits malicious packets to ingress. As an alternative configuration option, an IDS can be placed between a firewall and the internal network, where it will only evaluate firewall passed traffic.
Effective information assets protection (IAP) technologies are valuable defense mechanisms for combating inappropriate and malicious behavior. Therefore, information security personnel should identify and evaluate deployed configuration management tools that ensure an entity’s network infrastructure maintains data integrity and availability.
Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.