Security Basics mailing list archives
Re: Firewall and IPS Deployment
From: Sam Stelfox <sstelfox () vtc vsc edu>
Date: Fri, 13 Feb 2009 11:45:30 -0500
I strongly recommend you put it behind your firewall. By putting it behind your firewall you will only get alerts for traffic that has gotten through your firewall and as such the only things you should really be concerned about. Either way an intrusion prevention system will block all of the traffic that matches one of its rules. Since intrusion prevention/detection systems tend to be rated for only a certain amount of bandwidth throughput, it is a good idea strictly from a hardware point of view to put it behind your firewall so less traffic reaches it. The only thing you gain by having the ips/ids outside of your firewall is you will see /all/ of the bad traffic that floats around the internet. We know its there. We know it's not going to go away. Having an ips/ids outside of your firewall is essentially like having a police officer waiting in the middle of the street stopping every car and running background checks on the drivers rather than just the ones who pull up in your driveway. Weird analogy I know but its the best I could come up with. Ressa wrote:
Hi, i was wondering is there any consideration for deploying firewall and IPS. If the IPS should in front of firewall or behind the firewall, and please also add the pros and cons. Regards, Ressa Registered Linux User Number 336566 Linux Newbie The information is provided as is without warranty of any kind. In no event shall the writer be liable for any incidental, indirect or consequential damages of any kind, including, but not limited to : loss of business profits, police knocking on your door, computer crashes, sharks attack, temporary short-term memory loss (some cases reported recently), death of your pet or alien invasion...
Current thread:
- Firewall and IPS Deployment Ressa (Feb 13)
- Re: Firewall and IPS Deployment Sam Stelfox (Feb 13)
- Re: Firewall and IPS Deployment David Gadoury (Feb 18)
- Re: Firewall and IPS Deployment Javier Reyna (Feb 18)
- Re: Firewall and IPS Deployment aditya mukadam (Feb 18)
- Re: Firewall and IPS Deployment Fadil S (Feb 18)
- Re: Firewall and IPS Deployment Javier Reyna (Feb 18)
- Message not available
- Re: Firewall and IPS Deployment Fadil S (Feb 19)
- Re: Firewall and IPS Deployment Fadil S (Feb 18)
- <Possible follow-ups>
- Re: Re: Firewall and IPS Deployment praveen_recker (Feb 17)
- Re: Firewall and IPS Deployment dan . crowley (Feb 17)
- Re: Re: Firewall and IPS Deployment stcroix111 (Feb 17)