Re: location of an IPS

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 10/20/05

  • Next message: jeff-it_at_hush.com: "Does nSight sample?"
    Date: Thu, 20 Oct 2005 09:42:12 -0500
    To: Doug Fox <dfox168@hotmail.com>, focus-ids@securityfocus.com
    
    

    --On Wednesday, October 19, 2005 16:57:57 -0400 Doug Fox
    <dfox168@hotmail.com> wrote:

    > I'm sorry for this dumb question, which may have been answered many times.
    >
    > Where should one place an TippingPoint Unity 50 IPS device? Behind or in
    > front of a firewall?
    >
    That depends on what you're trying to protect. If you're trying to protect
    the firewall as well as your network and the IPS can handle the traffic,
    put it on the outside. If you're trying to protect your network and your
    firewall isn't having problems, put it on the inside.

    Ours is on the inside.

    > I have a/the TippingPoint behind a Check Point firewall. Even though we
    > externally and internally port-scanned the firewall and the IPS many
    > times, the activity log did not contain any record of the "attacks".
    >
    What activity log?

    Are you saying you're not seeing any hits on TP?

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/ir/security/

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------


  • Next message: jeff-it_at_hush.com: "Does nSight sample?"