Re: location of an IPS

From: ilaiy (ilaiy.e_at_gmail.com)
Date: 10/21/05

Next message: Seek Knowledge: "Re: location of an IPS"

Previous message: infosecteam_at_gmail.com: "Vernier - Edgewall appliances?"
In reply to: Doug Fox: "location of an IPS"
Next in thread: Seek Knowledge: "Re: location of an IPS"
Maybe reply: asalo_at_tippingpoint.com: "Re: Re: location of an IPS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 21 Oct 2005 15:47:46 -0500
To: Doug Fox <dfox168@hotmail.com>

IPS could be either kept externally or internally .. Most of them
prefer to keep an external one ..(but patched completely)

Just check the rules for the IPS you may not have given one for the
port scan ..

./thanks
ilaiy

On 10/19/05, Doug Fox <dfox168@hotmail.com> wrote:
> I'm sorry for this dumb question, which may have been answered many times.
>
> Where should one place an TippingPoint Unity 50 IPS device? Behind or in
> front of a firewall?
>
> I have a/the TippingPoint behind a Check Point firewall. Even though we
> externally and internally port-scanned the firewall and the IPS many times,
> the activity log did not contain any record of the "attacks".
>
> What am I missing here? Any pointers are appreciated.
>
> Thanks,
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

Next message: Seek Knowledge: "Re: location of an IPS"

Previous message: infosecteam_at_gmail.com: "Vernier - Edgewall appliances?"
In reply to: Doug Fox: "location of an IPS"
Next in thread: Seek Knowledge: "Re: location of an IPS"
Maybe reply: asalo_at_tippingpoint.com: "Re: Re: location of an IPS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Current IDS problems
... We're actually working an IPS here. ... >>with real-world attacks from CORE IMPACT. ... >ting ding ting ding ting ding ...
(Focus-IDS)
Re: Analysing and configuring IPS/IDS Policies
... If you have no faith in the firewall or you are concerned about more ... Remove the IPS from the network. ... policies and logs on those devices. ...
(Focus-IDS)
RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)
... IPS has been pretty much been expected to weed out the known bad traffics on ... looks for these type of behaviour in a sequence of packets, ... firewall don't make these kind of mistakes. ... decently good ones will go through the trouble of reassembling the packets ...
(Firewall-Wizards)
Re: Wishlist for IPS Products
... And what about blocking fragmented packets entirely. ... This knocks out most IPS vendors like Tipping Point. ... Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. ...
(Focus-IDS)
RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)
... it merely does string-matchings on the packets alone. ... Network IPS: ... A software shim (firewall) that sits between the kernel and the application. ... deployed deep inside a network. ...
(Firewall-Wizards)