Monitor
After you secure your network, you should monitor the network to ensure that you can
detect potential security incidents. By installing Cisco Secure IDS at key points of the network
(as part of Step 1), you can monitor both internal and external traffic. It is important to
monitor both internal and external traffic because you can check for violations of your
network security policy from internal sources and attacks from external sources and
determine if any external attacks have breached your network. All your perimeter devices,
including firewalls and perimeter routers, provide log data that can be used to verify that
your secure configuration is functioning properly and can be filtered to look for specific
incidents.