RE: location of an IPS

From: Swift, David (dswift_at_ipolicynetworks.com)
Date: 10/20/05

    Date: Thu, 20 Oct 2005 07:23:06 -0700
    To: "Doug Fox" <dfox168@hotmail.com>, <focus-ids@securityfocus.com>

    Where to put an IPS depends on your network and what you want to do with
    it.

    Most IPSs need L2 connectivity to a LAN segment if you want to monitor
    it. So...if you're looking to monitor internal traffic, it will sit south
    (protected side) of your firewall. At L3/Routing, an alternate path not
    through the device (or dropping of broadcasts) may prevent the IPS from
    seeing the attack.

    Likewise you may have VPN termination on the firewall, and an IPS cannot
    detect events in encrypted traffic streams (unless it is the VPN
    termination point itself), so the device may be installed south of the
    VPN concentrator.

    Alternatively however, since most IPS boxes can also do DoS and DDoS
    mitigation, you may want it north (unprotected side) of your firewall to
    help screen/drop DoS/DDoS attacks.

    -----Original Message-----
    From: Doug Fox [mailto:dfox168@hotmail.com]
    Sent: Wednesday, October 19, 2005 3:58 PM
    To: focus-ids@securityfocus.com
    Subject: location of an IPS

    I'm sorry for this dumb question, which may have been answered many
    times.

    Where should one place a TippingPoint Unity 50 IPS device? Behind or
    in front of a firewall?

    I have a/the TippingPoint behind a Check Point firewall. Even though we
    externally and internally port-scanned the firewall and the IPS many
    times, the activity log did not contain any record of the "attacks".

    What am I missing here? Any pointers are appreciated.

    Thanks,

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------
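Swift's three placement rules (the sensor only sees what actually reaches its segment, it cannot inspect tunnelled traffic until after the VPN terminates, and only a device north of the firewall sees what the firewall would have dropped) can be checked against a small model. The following is an added example written for this archive page; it is not code from either poster and does not model real TippingPoint or Check Point behaviour. The device classes, the five-port scan heuristic, the signature string, the TEST-NET addresses and the `events_for` placement names are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed model of an inline IPS placed at different points relative to a
# firewall and a VPN concentrator. Illustrative only: the scan heuristic is
# deliberately simple and no vendor's product is being modelled.

@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    encrypted: bool = False      # True while inside a VPN tunnel
    inner_dport: int = 0         # port of the tunnelled packet, once decrypted
    payload: str = ""            # cleartext content an IPS could match on

@dataclass
class Firewall:
    """Stateless port filter: anything not in allowed_ports is dropped."""
    allowed_ports: frozenset

    def forward(self, pkt: Packet) -> Optional[Packet]:
        return pkt if pkt.dport in self.allowed_ports else None

@dataclass
class VpnConcentrator:
    """Tunnel endpoint: tunnelled packets leave it as cleartext."""

    def forward(self, pkt: Packet) -> Optional[Packet]:
        if not pkt.encrypted:
            return pkt
        return Packet(pkt.src, pkt.inner_dport, False, 0, pkt.payload)

@dataclass
class Ips:
    """Inline IPS: logs a port scan once a source has touched enough distinct
    ports, blocks packets whose cleartext matches a signature, and passes
    tunnelled traffic untouched because it cannot see inside it."""
    signatures: tuple = ("CONSTRUCTED-ATTACK-STRING",)
    scan_threshold: int = 5
    events: list = field(default_factory=list)
    ports_seen: dict = field(default_factory=dict)

    def forward(self, pkt: Packet) -> Optional[Packet]:
        if pkt.encrypted:
            return pkt                 # opaque to the sensor
        seen = self.ports_seen.setdefault(pkt.src, set())
        seen.add(pkt.dport)
        if len(seen) == self.scan_threshold:
            self.events.append(("portscan", pkt.src))
        for sig in self.signatures:
            if sig in pkt.payload:
                self.events.append(("signature", pkt.src, sig))
                return None            # inline block
        return pkt

def run_path(devices, packets):
    """Push each packet north-to-south through the device chain and return
    what is delivered to the protected LAN."""
    delivered = []
    for pkt in packets:
        cur: Optional[Packet] = pkt
        for dev in devices:
            cur = dev.forward(cur)
            if cur is None:
                break
        if cur is not None:
            delivered.append(cur)
    return delivered

# Constructed traffic (RFC 5737 documentation addresses):
#  - an external host probing eight ports, like the scan in the original post
#  - a remote VPN user whose tunnelled HTTP request carries a signature hit
SCANNER = "203.0.113.9"
VPN_USER = "198.51.100.7"
TRAFFIC = [Packet(SCANNER, p) for p in (21, 22, 23, 25, 80, 443, 445, 3389)] + [
    Packet(VPN_USER, 4500, encrypted=True, inner_dport=80,
           payload="GET /x CONSTRUCTED-ATTACK-STRING HTTP/1.0"),
]

def events_for(placement: str) -> list:
    """Return the IPS event log for one placement of the sensor."""
    fw = Firewall(frozenset({80, 443, 500, 4500}))   # web plus IKE/NAT-T
    vpn = VpnConcentrator()
    ips = Ips()
    chains = {
        "north_of_firewall": [ips, fw, vpn],
        "south_of_firewall": [fw, ips, vpn],
        "south_of_vpn":      [fw, vpn, ips],
    }
    run_path(chains[placement], TRAFFIC)
    return ips.events

if __name__ == "__main__":
    for placement in ("north_of_firewall", "south_of_firewall", "south_of_vpn"):
        print(f"{placement:>18}: {events_for(placement)}")
```

With the sensor south of the firewall, six of the eight probes are dropped before they reach it, so the scanning source never crosses the threshold and the event log stays empty, which is the situation the original post describes. North of the firewall the same scan is logged, and the tunnelled request only produces an event once the sensor sits behind the concentrator that decrypts it.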
