- Location of an IPS
- Posted by Doug Fox on October 20th, 2005
Where should I installed a network-based Intrusion Prevention System (IPS)?
Is it in front of a firewall or behind it?
The IPS is a Tipping Point Unity 50.
Any comments are appreciated.
- Posted by Hairy One Kenobi on October 20th, 2005
"Doug Fox" <dfox168@hotmail.com> wrote in message
news:3f-dnZ3zzqLKcMvenZ2dnUVZ_sidnZ2d@rogers.com...
Place it where you'd put any other hardware firewall?
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
- Posted by nicolas denis on October 20th, 2005
Well it depends of the purpose.
If you want to increase the security in your lan : behind it.
Why ? All the traffic that your firewall blocks doesn't have to be
analysed since it can't get inside your lan and be dangerous.
If you want to monitor all the traffic to see if someone is trying to
break into your network : in front of it.
I think that the first choice is the best one. Moreover, if you really
want to monitor all the traffic, those equipments generate a lot of log
files and also a lot of false alarms : analysing this data could take
you hours and you have to be well trained to understand it and catch
malicious activities.
It's generaly more relevant to install it behind your firewall.
Doug Fox a écrit Le 20/10/2005 03:06 :
