IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: location of an IPS

From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 20 Oct 2005 09:42:12 -0500
--On Wednesday, October 19, 2005 16:57:57 -0400 Doug Fox <dfox168 () hotmail com> wrote: 


I'm sorry for this dumb question, which may have been answered many times.

Where should one place an TippingPoint Unity 50 IPS device?  Behind or in
front of a firewall?
That depends on what you're trying to protect. If you're trying to protect the firewall as well as your network and the IPS can handle the traffic, put it on the outside. If you're trying to protect your network and your firewall isn't having problems, put it on the inside. 

Ours is on the inside.


I have a/the TippingPoint behind a Check Point firewall. Even though we
externally and internally port-scanned the firewall and the IPS many
times, the activity log did not contain any record of the "attacks".


What activity log?

Are you saying you're not seeing any hits on TP?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. 
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: