Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
General
Off-Topic
IDS and IPS Placement
kiki162
Ok this question is for all you network and security admins out there.
I'm trying to understand where you place an IDS and IPS throughout the network.
My initial understanding for NIDS placement is in Front of Perm FW, between FW and Border Router, between Perm FW and DMZ, and between FW and Internal Network
What is the typical best practice?
Find more posts tagged with
Comments
636-555-3226
If that's a multiple choice question I'd vote for between FW and Internal Network. Let the firewall drop the external garbage & the IPS filter out the rest in/out
kiki162
I understand the Internal placement, it's more at the perimeter.
I have access to SANS On Demand, and the doc says one in front of the perm FW, and the audio says after the perm FW, but mentions that there is really no point in having the IDS in front of the FW.
Just want to see if anyone else had opinions on this.
dhay13
having an IDS outside the firewall is only good for seeing what your firewall is seeing and stopping. more for information gathering than anything else. i really don't see much point in it other than that. internally it really depends on your network and what you are trying to achieve (separate VLANs or HIPS installed on individual servers, etc)
DragonNOA1
We have our IPS surrounding our firewall. From the outside, it blocks exploits against the firewall itself and on the inside we see internal IP's of who is infected/compromised.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
