IDS mailing list archives
Re: IPS/IDS location suggestions in Network.
From: brian_smith () 3com com
Date: Mon, 24 Mar 2008 16:40:53 -0500
[Full disclosure: I work for TippingPoint]

Two other vendors that have 10G products are McAfee and TippingPoint. Both vendors have 10 gig solutions. I can't speak for MFE, SourceFire, or ISS, but I can say that TippingPoint has many customers that run inline IPS up in the network where you indicate.

As a reality check, you should ask all vendors for several references (maybe 5) that are running the device inline, high up in the network, and you should call the references and see how it's going. You learn a lot that sales won't volunteer (or will offer up as FUD :-) talking to other customers.

Brian Smith
TippingPoint

"Albert R. Campa" <abcampa () gmail com>
Sent by: listbounce () securityfocus com
03/14/2008 11:40 AM
To focus-ids () securityfocus com
cc
Subject IPS/IDS location suggestions in Network.

ttp://uploader.futbolmex.net/files/1/network.JPG

See link for Network design, design for redundancy and speed. These boxes are routers and links are 10gb. Different network segments will be hanging off of the 4 routers at the bottom.

There will be an IPS higher up in the mix between the 2 top routers and the internets as well as other stuff.

Main corporate network will be hanging off each of the 4 bottom switches.

So the goal is to monitor internal traffic between 4 network segments. Idea of Cisco module IDS in the 2 top routers is scratched.

So what about in-line IPS on each of the links between the 4 routers and the 2? ISS has the GX6116 that runs at 6gb in filtering mode, 15gb non filtering, hehe. Sourcefire just sent me an email about their 10gb solution, but I don't know if it has as many ports as the ISS box.

Is this even a good location for an inline IPS? It seems like the only place other than the border where I can get any concentrated traffic, but at the border I can't get internal traffic.

Any suggestions?

Saludos
Albert
Current thread:
- IPS/IDS location suggestions in Network. Albert R. Campa (Mar 18)
- Re: IPS/IDS location suggestions in Network. Gleb Paharenko (Mar 19)
- Re: IPS/IDS location suggestions in Network. brian_smith (Mar 25)