Sam has to lay out his companys IDS schematic. The VPN connections stop at thesecurity gateway and there are three SSL connections that take place from thegateway to the database, Web server, and file server. Which is the bestimplementation for this environment?

A.
HIDS in all segments that need to be monitored and a NIDS on at least thedatabase, Web server, and file server.

B.
NIDS in the DMZ and internal user network and HIDS on each system in theenvironment

C.
NIDS in the DMZ, internal user network, and outside the firewall and HIDS on thedatabase.

D.
NIDS in all segments that need to be monitored and a HIDS on at least thedatabase, Web server, and file server.

Explanation:
A network sensor cannot monitor encrypted traffic, because it does nothave the intelligence, algorithm, and necessary keys. So if there is an SSLconnection that extends from one system to another within an environment, the NIDSwill not be able to review the traffic. But if that SSL connection ends at a systemthat has a HIDS, then this technology will review the decrypted commands and make adecision on if it is safe or not before it is passed up to the necessaryapplication. Placing a HIDS on each system in an environment is usually costprohibitive and requires high overhead in maintenance.