Security Basics mailing list archives

Re: Firewall and IPS Deployment


From: Sam Stelfox <sstelfox () vtc vsc edu>
Date: Fri, 13 Feb 2009 11:45:30 -0500

I strongly recommend you put it behind your firewall. By putting it
behind your firewall you will only get alerts for traffic that has
gotten through your firewall and as such the only things you should
really be concerned about. Either way an intrusion prevention system
will block all of the traffic that matches one of its rules. Since
intrusion prevention/detection systems tend to be rated for only a
certain amount of bandwidth throughput, it is a good idea strictly from
a hardware point of view to put it behind your firewall so less traffic
reaches it.

The only thing you gain by having the ips/ids outside of your firewall
is you will see /all/ of the bad traffic that floats around the
internet. We know it's there. We know it's not going to go away. Having
an ips/ids outside of your firewall is essentially like having a police
officer waiting in the middle of the street stopping every car and
running background checks on the drivers rather than just the ones who
pull up in your driveway. Weird analogy I know but it's the best I could
come up with.

Ressa wrote:
Hi,

I was wondering whether there are any considerations for deploying a firewall and IPS. Should the IPS be in front of the firewall or
behind the firewall? Please also add the pros and cons.

Regards,


Ressa 
Registered Linux User Number 336566
Linux Newbie

The information is provided as is without warranty of any kind. In no event shall the writer be liable for any 
incidental, indirect or consequential damages of any kind, including, but not limited to : loss of business profits, 
police knocking on your door, computer crashes, sharks attack, temporary short-term memory loss (some cases reported 
recently), death of your pet or alien invasion...
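The trade-off Sam describes (fewer alerts and less load on the IPS when it sits behind the firewall, at the cost of no longer seeing the background scan noise) can be made concrete with a small traffic model. The following is an added example written for this archive page, not code from either poster; the firewall policy, the three substring "signatures", the DMZ address and every packet in the sample traffic are constructed for illustration, and the signature engine is deliberately simplistic since the point is only which packets reach the IPS in each placement.

```python
"""Toy model of IPS placement relative to a perimeter firewall (added example).

Two topologies are compared on the same constructed traffic:
  in front : internet -> IPS -> firewall -> DMZ host
  behind   : internet -> firewall -> IPS -> DMZ host
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    size: int      # bytes on the wire, used to model IPS throughput load
    payload: str   # simplified application-layer content


# Hypothetical perimeter policy: only HTTP/HTTPS to the DMZ web host is allowed in.
DMZ_HOSTS = {"203.0.113.10"}
FIREWALL_ALLOW = {("tcp", 80), ("tcp", 443)}

# Hypothetical IPS signatures: plain substring matches on the payload.
IPS_SIGNATURES = {
    "web-sqli": "' OR 1=1",
    "ssh-scan": "SSH-2.0-scanner",
    "smb-probe": "\\PIPE\\srvsvc",
}


def firewall_permits(p: Packet) -> bool:
    """Stateless allow-list: destination must be a DMZ host on an allowed port."""
    return p.dst in DMZ_HOSTS and (p.proto, p.dport) in FIREWALL_ALLOW


def ips_match(p: Packet):
    """Return the first signature name whose pattern appears in the payload, else None."""
    for name, pattern in IPS_SIGNATURES.items():
        if pattern in p.payload:
            return name
    return None


def run_placement(traffic, ips_in_front: bool) -> dict:
    """Simulate one placement and report IPS load (packets, bytes) and alerts raised."""
    inspected = 0
    inspected_bytes = 0
    alerts = []
    for p in traffic:
        if not ips_in_front and not firewall_permits(p):
            continue  # behind: the firewall drops it before the IPS ever sees it
        inspected += 1
        inspected_bytes += p.size
        sig = ips_match(p)
        if sig:
            alerts.append((sig, p.src))
            continue  # IPS blocks the matching packet in either placement
        if ips_in_front and not firewall_permits(p):
            continue  # in front: the firewall still drops it after inspection
    return {"inspected": inspected, "inspected_bytes": inspected_bytes, "alerts": alerts}


# Constructed sample traffic: background scan noise, legitimate web requests
# and one web attack that the firewall policy alone would let through.
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", "203.0.113.10", "tcp", 22, 120, "SSH-2.0-scanner"),
    Packet("198.51.100.8", "203.0.113.10", "tcp", 445, 300, "\\PIPE\\srvsvc"),
    Packet("198.51.100.9", "203.0.113.10", "tcp", 23, 80, "login:"),
    Packet("198.51.100.9", "203.0.113.11", "tcp", 80, 500, "GET / HTTP/1.1"),  # not a DMZ host
    Packet("192.0.2.20", "203.0.113.10", "tcp", 80, 700, "GET /index.html HTTP/1.1"),
    Packet("192.0.2.21", "203.0.113.10", "tcp", 443, 1400, "TLS ClientHello"),
    Packet("192.0.2.22", "203.0.113.10", "tcp", 80, 900, "GET /login?user=' OR 1=1-- HTTP/1.1"),
]


def compare_placements(traffic=SAMPLE_TRAFFIC) -> dict:
    """Run both topologies on the same traffic so the difference is directly visible."""
    return {
        "in_front": run_placement(traffic, ips_in_front=True),
        "behind": run_placement(traffic, ips_in_front=False),
    }


if __name__ == "__main__":
    for name, result in compare_placements().items():
        print(f"{name:9s} inspected={result['inspected']} bytes={result['inspected_bytes']} "
              f"alerts={[a[0] for a in result['alerts']]}")
```

On this sample the IPS in front inspects all seven packets and raises three alerts, two of which are scan noise the firewall would have dropped anyway; behind the firewall it inspects three packets and raises only the SQL-injection alert. The attack that matters is blocked in both placements, which is the practical argument for the behind-the-firewall design; the only thing lost is visibility of the scan traffic, which is exactly the "all of the bad traffic" point in the reply.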
