RE: location of an IPS

kgeorgiades_at_toplayer.com
Date: 10/21/05

  • Next message: crazy frog crazy frog: "Re: Current IDS problems" 
    To: dfox168@hotmail.com, focus-ids@securityfocus.com
Date: Thu, 20 Oct 2005 22:31:45 -0400

    Doug,

    If your IPS can provide DDoS protection in addition to the Malicious Content
    protection you should place the IPS in front of the Checkpoint FW in order
    to also protect the FW from the DDoS attacks.

    If your IPS can only provide Malicious Content protection, you should place
    it behind the FW.

    Note: I work for a company that is also selling IPS.

    Kyriacos (Ken) Georgiades
    Senior Director, Product Line Management
    Top Layer Networks, Inc
    Tel: 508 870 1300 x 231
    Cell: 508 783 5988
    Fax: 508 870 9797
    Email: kgeorgiades@toplayer.com
    www.toplayer.com

    -----Original Message-----
    From: Doug Fox [mailto:dfox168@hotmail.com]
    Sent: Wednesday, October 19, 2005 4:58 PM
    To: focus-ids@securityfocus.com
    Subject: location of an IPS

    I'm sorry for this dumb question, which may have been answered many times.

    Where should one place an TippingPoint Unity 50 IPS device? Behind or in
    front of a firewall?

    I have a/the TippingPoint behind a Check Point firewall. Even though we
    externally and internally port-scanned the firewall and the IPS many times,
    the activity log did not contain any record of the "attacks".

    What am I missing here? Any pointers are appreciated.

    Thanks,

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------

  • Next message: crazy frog crazy frog: "Re: Current IDS problems"

    Relevant Pages

    • RE: Cisco IDS 4250 vs Sourcefire IS3000 + RNA Sensor
      ... Cisco IPS is not simply an inline IDS. ... zero-day, or zero-hour, worm protection all by itself. ... of a firewall product, like network address translation and VPN. ... Cisco IDS 4250 vs Sourcefire IS3000 + RNA Sensor ...
      (Focus-IDS)
    • Re: IPS - Cisco vs. McAfee vs. Tippingpoint
      ... IPS (especially if you are using 7.0 software, ... Depending on the type and severity of the DDoS attack, ... protection as primary features.  They also are ...
      (Focus-IDS)
    • Re: IPS arguments
      ... A firewall is only going to block or allow traffic on specific ports ... Endpoint Protection is basically similar to an Antivirus installed on ... the audited company a CISCO IPS using the results of the pen test. ... Well the thing is that the CIO of that company is refusing to install ...
      (Pen-Test)
    • RE: location of an IPS
      ... What good can an IPS make in a DOS attack in front of your firewall??? ... If your IPS can provide DDoS protection in addition to the Malicious Content ... the activity log did not contain any record of the "attacks". ...
      (Focus-IDS)
    • RE: Alarm response strategies
      ... Signature/Rule based IPS is fine used in this methd. ... >> Are all of the responses used with a logical sense? ... >> attacks from CORE IMPACT. ... Find out quickly and easily by testing it with real-world attacks from CORE ...
      (Focus-IDS)