IPS/IDS location suggestions in Network.
- From: "Albert R. Campa" <abcampa@xxxxxxxxx>
- Date: Fri, 14 Mar 2008 11:40:49 -0500
ttp://uploader.futbolmex.net/files/1/network.JPG
See link for Network design, design for redundancy and speed.
these boxes are routers and links are 10gb.
different network segements will be hanging off of the 4 routers at
the bottom.
There will be an IPS higher up in the mix between the 2 top routers
and the internets as well as other stuff.
Main corporate network will be hanging off each of the 4 bottom switches.
So the goal is to monitor internal traffic between 4 network segments.
Idea of Cisco module IDS in the 2 top routers is scratched.
So what about in-line IPS on each of the links between the 4 routers
and the 2?
ISS has the GX6116 that runs at 6gb in filtering mode, 15gb non
filtering, hehe.
Sourcefire just sent me an email about their 10gb solution, but I dont
know if it has as many ports as the ISS box.
Is this even a good location for an inline IPS? It seems like the only
place other than the boarder where I can get any concentrated traffic,
but at the border I cant get internal traffic.
Any suggestions?
Saludos
Albert
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
- Follow-Ups:
- Re: IPS/IDS location suggestions in Network.
- From: brian_smith
- Re: IPS/IDS location suggestions in Network.
- From: Gleb Paharenko
- Re: IPS/IDS location suggestions in Network.
- Prev by Date: RE: Obfuscated web pages
- Next by Date: Re: IPS/IDS location suggestions in Network.
- Previous by thread: Re: Obfuscated web pages
- Next by thread: Re: IPS/IDS location suggestions in Network.
- Index(es):
Relevant Pages
|
