Re: location of an IPS

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 10/20/05

  • Next message: jeff-it_at_hush.com: "Does nSight sample?"
    Date: Thu, 20 Oct 2005 09:42:12 -0500
    To: Doug Fox <dfox168@hotmail.com>, focus-ids@securityfocus.com
    
    

    --On Wednesday, October 19, 2005 16:57:57 -0400 Doug Fox
    <dfox168@hotmail.com> wrote:

    > I'm sorry for this dumb question, which may have been answered many times.
    >
    > Where should one place an TippingPoint Unity 50 IPS device? Behind or in
    > front of a firewall?
    >
    That depends on what you're trying to protect. If you're trying to protect
    the firewall as well as your network and the IPS can handle the traffic,
    put it on the outside. If you're trying to protect your network and your
    firewall isn't having problems, put it on the inside.

    Ours is on the inside.

    > I have a/the TippingPoint behind a Check Point firewall. Even though we
    > externally and internally port-scanned the firewall and the IPS many
    > times, the activity log did not contain any record of the "attacks".
    >
    What activity log?

    Are you saying you're not seeing any hits on TP?

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/ir/security/

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------


  • Next message: jeff-it_at_hush.com: "Does nSight sample?"

    Relevant Pages

    • Re: Firewalls
      ... To enable or disable Internet Connection Firewall ... Open Network Connections ... protect, and then, under Network Tasks, click Change settings of this ...
      (microsoft.public.windowsxp.security_admin)
    • [fw-wiz] State of security technology for the enterprise
      ... enterprise network. ... Content filtering on the firewall ... VMWARE/Hypervisor sensors to protect my virtual infrastructure ...
      (Firewall-Wizards)
    • RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)
      ... Network IPS: ... this is dramatically different than a firewall that can close *connections* based on source-destination-port. ... The Network ... The Host ...
      (Firewall-Wizards)
    • Re: Need Norton Personal Firewall w/XP Home?
      ... > double-click Network Connections. ... > settings of this connection. ... > On the Advanced tab, under Internet Connection Firewall, select ... > the Protect my computer and network by limiting or preventing ...
      (microsoft.public.windowsxp.general)
    • RE: Experiences with Toplayer Attack Mitigator IPS
      ... Experiences with Toplayer Attack Mitigator IPS ... network intrusion uk guys who are coming out with the IPS shootout ... as security vendors are so fond of touting nowadays? ... > - Make firewall, VPN, and NAT rules interoperable across heterogeneous ...
      (Focus-IDS)