Security Basics mailing list archives
Re: Re: Firewall and IPS Deployment
From: praveen_recker () sify com
Date: Tue, 17 Feb 2009 07:58:37 -0700
The flow for IDS should look like

Internetwork---->Firewall---->IDS

Firewall is used to block IP addresses, ports, etc. IDS/IPS, on the other hand, brings granularity. Suppose you are maintaining a web server; then you'll allow data on port 80. Some malicious user sends an attack towards your web server. The firewall will allow that data, but the IDS will raise an alarm if the respective signature exists, and in the case of IPS it might even RESET the session based upon the signature.

If you put the IDS in front of the firewall then it has to analyse all the data (from port 0 to 65535), which is real wastage, and the IDS/IPS might not have good performance.

IT IS ALWAYS PREFERABLE TO USE IDS/IPS AFTER FIREWALL.

Praveen Darshanam,
Security Researcher,
INDIA
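The two placements discussed in the message above, as an added example that is not part of the original post: a toy model that counts how many packets the IDS must inspect and which alerts it raises when it sits in front of versus behind the firewall. The packet list, the allow rule (tcp/80 only) and the single `dir-traversal` signature are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int
    payload: bytes

# Constructed sample traffic arriving from the Internet side (not a real capture).
TRAFFIC = [
    Packet("198.51.100.7", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("198.51.100.9", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("203.0.113.5", "tcp", 23, b"\xff\xfb\x01"),
    Packet("203.0.113.5", "tcp", 445, b"GET /../../boot.ini"),
    Packet("203.0.113.8", "udp", 1434, b"\x04" + b"A" * 32),
    Packet("198.51.100.7", "tcp", 80, b"GET /about.html HTTP/1.1\r\n"),
]

ALLOWED = {("tcp", 80)}                  # assumed firewall policy: web server only
SIGNATURES = {"dir-traversal": b"/../"}  # assumed one-entry IDS signature set

def firewall(packets):
    """Port/protocol filter: pass only traffic matching the allow list."""
    return [p for p in packets if (p.proto, p.dport) in ALLOWED]

def ids(packets):
    """Inspect every payload; return (packets inspected, alerts raised)."""
    alerts = [(p.src, p.dport, name)
              for p in packets
              for name, pattern in SIGNATURES.items()
              if pattern in p.payload]
    return len(packets), alerts

def compare(traffic):
    """Run the same traffic through both placements."""
    return {
        "ids_in_front": ids(traffic),           # Internetwork -> IDS -> Firewall
        "ids_behind": ids(firewall(traffic)),   # Internetwork -> Firewall -> IDS
    }

if __name__ == "__main__":
    for placement, (inspected, alerts) in compare(TRAFFIC).items():
        print(f"{placement}: inspected={inspected} alerts={alerts}")
```

In front of the firewall the sensor inspects all six packets and also alerts on the tcp/445 packet that the firewall drops anyway; behind it, only the three tcp/80 packets are inspected and the one alert concerns traffic that actually reached the web server.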