I'm back again with an article discussing optimal network sensor placement. It is a simple case study I made after I finished my thesis (APT detection through machine learning and network behavior analysis), regarding network sensor placement in order to achieve maximum network visibility with the minimum possible redundancy. These days I read "Network Security Through Data Analysis, Michael Collins, 2014", which triggered this case study.

The experimental network is a prototype enterprise network depicted in the following image. (I didn't take it from "The Practice of Network Security Monitoring, Richard Bejtlich, 2013", even if it is almost the same as one of Richard Bejtlich's images. It was created using Dia.)

The above network is a reasonable abstraction of an enterprise one. So in the following picture I try to place the candidate sensor positions (from A to F) and replace the DMZ with a Debian machine (running an FTP, HTTP and SSH s