Home page logo
/

basics logo Security Basics mailing list archives

RE: IPS vs Firewall
From: sonicely () cbn net id
Date: Fri, 30 Apr 2004 09:35:45 +0700 (WIT)

I think it's the best way to put an IPS on the WAN and the LAN at the same
time. NAI IPS Intruvert can do multi-rules on different VLAN or even the
port. The reason that you need to put that in both side, is to figure out
whether an intrusion has been successfully go in to the servers inside you
LAN/DMZ. An if somebody from the inside want to play around with your DMZ,
you will know it where it came from. If you put the IPS outside of the
Firewall, sometimes you got an attack that already NAT-ed and you can't
know in 1 seconds who is he really.

Please correct me if I'm wrong.

rgds,


If you put the IPS outside of the firewall then be prepared for some
massive amounts of logs! I currently have a similar setup and just the raw
number of people setting out there running nessus and other tools quickly
filled my logs up. I have since tuned the box and now recieve a decent
amount of logs but i am wondering if it still doing me any good in a
highly tuned state? my original idea was to put it outside the firewall so
i could see everything that is hitting the firewall, but this just isnt
possible in my setup.

-----Original Message-----
From: Benny Late [mailto:lvmygop () hotmail com]
Sent: Tuesday, April 27, 2004 3:16 PM
To: security-basics () securityfocus com
Subject: IPS vs Firewall


List,

I am to give a presentation concerning IPS vs. IDS and why we have decided
to implement an IPS solution.  I have stuff about each of those, but my
big
problem is going to come from my LAN/WAN group.  Because I've decided to
place the IPS outside the firewall, they have already moaned about it and
I
know they're going to bring up why we need IPS vs. Firewall.  I have stuff
about what firewalls don't look for or do compared to IPS.

My question is, how would you go about showing that firewalls or BigIP
routers can be attacked directly?  For those of you concidering IPS, can
you
impart any of the knowledge gained by implementing your solutions?

Many thanks,
Benny

_________________________________________________________________
From must-see cities to the best beaches, plan a getaway with the Spring
Travel Guide! http://special.msn.com/local/springtravel.armx


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault