Re: Firewall and IPS Deployment

[aditya mukadam <aditya.mukadam () gmail com>]

Ressa,

Im sure you would have got some idea based on the responses received
to your question.

My view:

The deployment depends on:
1) security requirement
2) amount of traffic on the outside and inside segment
3) type of equipment you want to use

* It is highly recommended to deploy IPS between your local LAN and
the Corporate/Internet Firewall.
* IPS can be deployed in front of the Internet Firewall however,you
need to determine the amount of traffic this IPS would get. For
example if you expect lot of internet worms/virus etc traffic then you
need a higher end IPS facing internet.
* Separate signature/filtering profiles can be for different segments.

Hope this helps.

Thanks,
Aditya Govind Mukadam

On Fri, Feb 13, 2009 at 1:06 PM, Ressa <ressa4299 () yahoo com> wrote:
> Hi,
>
> i was wondering is there any consideration for deploying firewall and IPS. If the IPS should in front of firewall or 
> behind the firewall, and please also add the pros and cons.
>
> Regards,
>
>
> Ressa
> Registered Linux User Number 336566
> Linux Newbie
>
> The information is provided as is without warranty of any kind. In no event shall the writer be liable for any 
> incidental, indirect or consequential damages of any kind, including, but not limited to : loss of business profits, 
> police knocking on your door, computer crashes, sharks attack, temporary short-term memory loss (some cases reported 
> recently), death of your pet or alien invasion...