Re: location of an IPS

From: FinAckSyn (finacksyn_at_yahoo.co.uk)
Date: 10/20/05

    Date: Thu, 20 Oct 2005 14:29:28 +0100 (BST)
    To: Doug Fox <dfox168@hotmail.com>, focus-ids@securityfocus.com
    
    

    An IPS should be placed in front of the firewall, to
    provide complete network protection.
    However, the Unity 50 is quite low spec - 5,000
    connections per second, 5,000 concurrent connections.
    Bearing in mind most Check Point firewalls have a
    default connection table size of 40,000 (?)
    connections, then putting the Unity 50 in front of
    your firewall would be a bottleneck.
    Assuming small packet size (512 bits per packet), then
    5,000 of these per second equates to just under 3 Mb/s.
    If your Internet feed is less than this, then no
    problem. If it's higher, then the Unity 50 would not
    be able to handle a 3 Mb/s pipe full of small packets.
    You should really design your perimeter with this
    worst-case scenario in mind, especially if you have
    negotiated burst rates with your ISP and your ISP feed
    can suddenly shoot up in usage.
    Port scans should be blocked by the firewall - all
    irrelevant ports are discarded at this point. I'm not
    sure how the Unity 50 handles port scans, I haven't
    played with one yet... ;)

    Regards,

    Matt

    --- Doug Fox <dfox168@hotmail.com> wrote:

    > I'm sorry for this dumb question, which may have
    > been answered many times.
    >
    > Where should one place a TippingPoint Unity 50 IPS
    > device? Behind or in
    > front of a firewall?
    >
    > I have a/the TippingPoint behind a Check Point
    > firewall. Even though we
    > externally and internally port-scanned the firewall
    > and the IPS many times,
    > the activity log did not contain any record of the
    > "attacks".
    >
    > What am I missing here? Any pointers are
    > appreciated.
    >
    > Thanks,
    >


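    Matt's reasoning above is a worst-case capacity check: an inline IPS rated for N new connections per second, fed minimum-size packets that are each a fresh flow, can inspect at most N times the packet size per second, and its connection table should not be smaller than the firewall's. The following is an added example, not code from the thread, that turns that arithmetic into a reusable check; `IpsSpec`, `placement_check` and the 10 Mbit/s link figure are assumptions, while the 5,000 and 40,000 figures are the ones quoted in the thread.

```python
# Added example, not code from the thread: generalises the worst-case
# arithmetic in Matt's reply (5,000 cps x 512-bit packets ~= 2.56 Mbit/s)
# into a reusable placement check for an inline IPS in front of a firewall.
from dataclasses import dataclass


@dataclass
class IpsSpec:
    name: str
    conns_per_sec: int      # rated new connections per second
    concurrent_conns: int   # rated concurrent connection table


def small_packet_ceiling_mbps(conns_per_sec: int, packet_bits: int = 512) -> float:
    """Mbit/s the IPS can inspect if every packet opens a new connection.

    This is the worst case the thread argues for: a pipe full of small
    packets, each one a fresh flow, so the connection-rate limit rather
    than raw bandwidth is what caps throughput.
    """
    return conns_per_sec * packet_bits / 1_000_000


def placement_check(ips: IpsSpec, link_mbps: float, burst_mbps: float,
                    firewall_table: int, packet_bits: int = 512) -> dict:
    """Report whether placing `ips` in front of the firewall bottlenecks it.

    burst_mbps is the negotiated ISP burst rate (pass link_mbps if none);
    firewall_table is the firewall's connection table size.
    """
    ceiling = small_packet_ceiling_mbps(ips.conns_per_sec, packet_bits)
    worst_pipe = max(link_mbps, burst_mbps)   # size for the burst, not the average
    findings = []
    if ceiling < worst_pipe:
        findings.append(
            f"{ips.name} inspects at most {ceiling:.2f} Mbit/s of "
            f"{packet_bits}-bit packets, below the {worst_pipe:g} Mbit/s pipe")
    if ips.concurrent_conns < firewall_table:
        findings.append(
            f"{ips.name} tracks {ips.concurrent_conns:,} concurrent connections, "
            f"fewer than the firewall's {firewall_table:,}")
    return {"ceiling_mbps": ceiling, "bottleneck": bool(findings),
            "findings": findings}


if __name__ == "__main__":
    # IPS and firewall figures as quoted in the thread; the 2 Mbit/s link
    # and 10 Mbit/s burst are constructed values for illustration.
    unity50 = IpsSpec("Unity 50", conns_per_sec=5_000, concurrent_conns=5_000)
    for line in placement_check(unity50, 2.0, 10.0, 40_000)["findings"]:
        print(line)
```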
