IPS/IDS location suggestions in Network.

["Albert R. Campa" <abcampa () gmail com>]

ttp://uploader.futbolmex.net/files/1/network.JPG


 See link for Network design, design for redundancy and speed.

  these boxes are routers and links are 10gb.

  different network segements will be hanging off of the 4 routers at
the bottom.

  There will be an IPS higher up in the mix between the 2 top routers
  and the internets as well as other stuff.

  Main corporate network will be hanging off each of the 4 bottom switches.

  So the goal is to monitor internal traffic between 4 network segments.

  Idea of Cisco module IDS in the 2 top routers is scratched.

  So what about in-line IPS on each of the links between the 4 routers
and the 2?
  ISS has the GX6116 that runs at 6gb in filtering mode, 15gb non
filtering, hehe.
  Sourcefire just sent me an email about their 10gb solution, but I dont
  know if it has as many ports as the ISS box.

  Is this even a good location for an inline IPS? It seems like the only
  place other than the boarder where I can get any concentrated traffic,
  but at the border I cant get internal traffic.

  Any suggestions?

  Saludos

  Albert

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------