RE: IPS vs Firewall

sonicely_at_cbn.net.id
Date: 04/30/04

    Date: Fri, 30 Apr 2004 09:35:45 +0700 (WIT)
    To: security-basics@securityfocus.com
    
    

    I think the best way is to put an IPS on the WAN and the LAN at the same
    time. NAI IPS Intruvert can do multi-rules on different VLANs or even the
    port. The reason that you need to put it on both sides is to figure out
    whether an intrusion has successfully gotten in to the servers inside your
    LAN/DMZ. And if somebody from the inside wants to play around with your DMZ,
    you will know where it came from. If you put the IPS outside of the
    firewall, sometimes you get an attack that is already NAT-ed and you can't
    know in 1 second who he really is.

    Please correct me if I'm wrong.

    rgds,

    > If you put the IPS outside of the firewall then be prepared for some
    > massive amounts of logs! I currently have a similar setup and just the raw
    > number of people sitting out there running nessus and other tools quickly
    > filled my logs up. I have since tuned the box and now receive a decent
    > amount of logs, but I am wondering if it is still doing me any good in a
    > highly tuned state? My original idea was to put it outside the firewall so
    > I could see everything that is hitting the firewall, but this just isn't
    > possible in my setup.
    >
    > -----Original Message-----
    > From: Benny Late [mailto:lvmygop@hotmail.com]
    > Sent: Tuesday, April 27, 2004 3:16 PM
    > To: security-basics@securityfocus.com
    > Subject: IPS vs Firewall
    >
    >
    > List,
    >
    > I am to give a presentation concerning IPS vs. IDS and why we have decided
    > to implement an IPS solution. I have stuff about each of those, but my big
    > problem is going to come from my LAN/WAN group. Because I've decided to
    > place the IPS outside the firewall, they have already moaned about it and I
    > know they're going to bring up why we need IPS vs. Firewall. I have stuff
    > about what firewalls don't look for or do compared to IPS.
    >
    > My question is, how would you go about showing that firewalls or BigIP
    > routers can be attacked directly? For those of you considering IPS, can you
    > impart any of the knowledge gained by implementing your solutions?
    >
    > Many thanks,
    > Benny
