Your assumptions are a good place to start. Defense in depth is the current industry practice, where depth is determined by your risk management practices. A good default (IMHO) is a network-based IDS watching your overall network status, with specific hosts protected by an additional host-based solution. Application-specific monitors can be tricky, but you can do some application-specific mitigation such as using SSL only for web servers, SSH in place of telnet (disabling telnet on the servers) and that sort of thing. I've seen some deployments that used multiple network IDSs as well as host IDSs...redundancy and overlap.
Some network-IDS-specific decisions include edge monitoring only (the eggshell approach...hard shell, soft middle) or edge and internal monitoring, such as a sensor between the general business network and, let's say, the Finance or Research LANs. *I* think host-based is largely a matter of degree: critical server protection vs. the pervasive anti-virus method. A lot depends on your business model and practices (and budget, obviously).
One thing to note: do not underestimate the costs of monitoring and maintaining. I have personal friends who have watched (and participated) in their company (a Fortune 500) buying a "low cost" solution, only to have to scrap their plan within a year, because it didn't scale and took more people to manage than they anticipated. Also, be sure you can answer this question adequately ;) "So I have a reported intrusion...now what?" IDSs are not foolproof and all of them (network, host, hardware-based, software-only, etc.) need to be tuned to the environment in which they are deployed. Make sure you have someone(s) capable of understanding the difference between a false positive and an actual attack and being able to tune out the former and respond to the latter.
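The tuning step the post ends on, as an added example that is not part of the original post or any particular IDS product: a small triage pass over Snort/Suricata-style "fast" alert lines that applies a suppression list in the spirit of Snort's threshold.conf `suppress` entries (by signature ID, optionally tracked by source or destination address), so a known false positive from one host is tuned out while the same signature firing from any other host still goes to the responder. The alert lines, the local-range signature IDs (1000001 and up, the range Snort reserves for locally written rules), the addresses and the suppression decisions are all constructed for this example.

```python
"""Added example (not from the original post): tune out known false positives
from IDS "fast" alerts without discarding the same signature firing elsewhere.
All alerts, SIDs and addresses below are constructed for illustration."""

import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Snort 2 "alert_fast" line layout:
# MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:port -> dst:port
# Ports are absent for ICMP, and the Classification block is optional.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification: (?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority: (?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    gid: int
    sid: int
    msg: str
    priority: int  # Snort priority: 1 is the most severe
    proto: str
    src: str
    dst: str


def parse_fast_alert(line: str) -> Optional[Alert]:
    """Parse one fast-format alert line; return None for anything else (sensor chatter, truncation)."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(m["ts"], int(m["gid"]), int(m["sid"]), m["msg"],
                 int(m["prio"]), m["proto"], m["src"], m["dst"])


# Tuning decisions, modelled on threshold.conf "suppress gen_id G, sig_id S, track by_src, ip X".
# track is "by_src" or "by_dst"; ip None suppresses the signature everywhere.
# These are hypothetical decisions for the constructed environment.
SUPPRESSIONS = [
    (1, 1000001, "by_src", "10.0.5.12"),  # intranet status page legitimately prints "uid=0(root)"
    (1, 1000002, "by_src", "10.0.1.5"),   # authorised vulnerability scanner
]


def is_suppressed(a: Alert) -> bool:
    for gid, sid, track, ip in SUPPRESSIONS:
        if (gid, sid) != (a.gid, a.sid):
            continue
        if ip is None:
            return True
        if track == "by_src" and a.src == ip:
            return True
        if track == "by_dst" and a.dst == ip:
            return True
    return False


def triage(lines: Iterable[str]) -> Dict[str, List]:
    """Split raw lines into alerts to respond to, tuned-out alerts, and unparsed input.
    Keeping the suppressed and unparsed buckets is deliberate: a tuning list that
    silently drops alerts is itself something the responder needs to audit."""
    result: Dict[str, List] = {"respond": [], "suppressed": [], "unparsed": []}
    for line in lines:
        a = parse_fast_alert(line)
        if a is None:
            result["unparsed"].append(line)
        elif is_suppressed(a):
            result["suppressed"].append(a)
        else:
            result["respond"].append(a)
    result["respond"].sort(key=lambda x: x.priority)  # most severe first
    return result


# Constructed sample alerts (not real sensor output).
SAMPLE_ALERTS = [
    "03/14-10:22:07.123456  [**] [1:1000001:2] LOCAL WEB status page returned uid=0(root) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.5.12:80 -> 10.0.9.44:51322",
    "03/14-10:22:09.000001  [**] [1:1000001:2] LOCAL WEB status page returned uid=0(root) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.7.30:80 -> 10.0.9.44:51340",
    "03/14-10:23:00.500000  [**] [1:1000002:1] LOCAL SCAN inbound probe to MSSQL 1433 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.1.5:44012 -> 10.0.6.2:1433",
    "03/14-10:23:02.750000  [**] [1:1000002:1] LOCAL SCAN inbound probe to MSSQL 1433 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.8:5555 -> 10.0.6.2:1433",
    "03/14-10:24:10.000000  [**] [1:1000003:1] LOCAL POLICY outbound SSH from workstation VLAN [**] [Priority: 1] {TCP} 10.0.9.44:40001 -> 198.51.100.22:22",
    "Mar 14 10:25:00 sensor1 snort[1234]: Reload complete",
]

if __name__ == "__main__":
    r = triage(SAMPLE_ALERTS)
    for a in r["respond"]:
        print(f"RESPOND  prio={a.priority} sid={a.sid} {a.src} -> {a.dst}  {a.msg}")
    print(f"suppressed={len(r['suppressed'])} unparsed={len(r['unparsed'])}")
```

The point of tracking suppression by address rather than disabling the signature outright is visible in the sample: the same `uid=0(root)` signature is tuned out for the one web server known to emit it and still reaches the responder when a different server produces it, which is exactly the distinction between a false positive and an actual attack that the post asks you to staff for.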