Excluding the bulk of UDP from IPS processing - What's the impact?
- From: Bikram Gupta <bikramkgupta@xxxxxxxxx>
- Date: Wed, 26 Aug 2009 17:46:47 +0530
Scenario: Perimeter IPS deployment, with Stateful firewall at the egress point.
Traffic from out to in: Firewall will block all unsolicited UDP ports.
For the UDP ports where traffic is allowed (RTP data etc.) through
firewall, do I have to pass it through IPS engine? Will there be cases
of exploits in such cases? Some examples please.
Traffic from in to out: I believe IPS processing for UDP flows must be
enabled here, to detect some of the p2p, IM, Skype, trojan etc.
traffic.
I am trying to understand the impact, if I bypass the UDP flows from
IPS device? Can this be done realistically for some UDP traffic
(in->out, out->in), or NONE?
Thanks a lot.
Bikram