Re: Firewall and IPS Deployment

[Fadil S <fsutomo () gmail com>]

Guys,

What about the all-in-one firewalls. Don't you guys think that it is
better to implement one? You will have a better TCO and less
maintenance anyways, right? Or wrong?

Thanks,
Fadil

On 2/19/09, aditya mukadam <aditya.mukadam () gmail com> wrote:
> Ressa,
>
> Im sure you would have got some idea based on the responses received
> to your question.
>
> My view:
>
> The deployment depends on:
> 1) security requirement
> 2) amount of traffic on the outside and inside segment
> 3) type of equipment you want to use
>
> * It is highly recommended to deploy IPS between your local LAN and
> the Corporate/Internet Firewall.
> * IPS can be deployed in front of the Internet Firewall however,you
> need to determine the amount of traffic this IPS would get. For
> example if you expect lot of internet worms/virus etc traffic then you
> need a higher end IPS facing internet.
> * Separate signature/filtering profiles can be for different segments.
>
> Hope this helps.
>
> Thanks,
> Aditya Govind Mukadam
>
> On Fri, Feb 13, 2009 at 1:06 PM, Ressa <ressa4299 () yahoo com> wrote:
> > Hi,
> >
> > i was wondering is there any consideration for deploying firewall and IPS.
> > If the IPS should in front of firewall or behind the firewall, and please
> > also add the pros and cons.
> >
> > Regards,
> >
> >
> > Ressa
> > Registered Linux User Number 336566
> > Linux Newbie
> >
> > The information is provided as is without warranty of any kind. In no
> > event shall the writer be liable for any incidental, indirect or
> > consequential damages of any kind, including, but not limited to : loss of
> > business profits, police knocking on your door, computer crashes, sharks
> > attack, temporary short-term memory loss (some cases reported recently),
> > death of your pet or alien invasion...