To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend
placing a network intrusion detection system (IDS) between the:
Firewall and the organization’s network.
Internet and the firewall.
Internet and the web server.
Web server and the firewall.
Attack attempts that could not be recognized by the firewall will be detected if a network- based
intrusion detection system is placed between the firewall and the organization’s network. A networkbased intrusion detection system placed between the internet and the firewall will detect attack
attempts, whether they do or do not enter the firewall.