See link for Network design, design for redundancy and speed.
these boxes are routers and links are 10gb.
different network segements will be hanging off of the 4 routers at
the bottom.
There will be an IPS higher up in the mix between the 2 top routers
and the internets as well as other stuff.
Main corporate network will be hanging off each of the 4 bottom switches.
So the goal is to monitor internal traffic between 4 network segments.
Idea of Cisco module IDS in the 2 top routers is scratched.
So what about in-line IPS on each of the links between the 4 routers
and the 2?
ISS has the GX6116 that runs at 6gb in filtering mode, 15gb non
filtering, hehe.
Sourcefire just sent me an email about their 10gb solution, but I dont
know if it has as many ports as the ISS box.
Is this even a good location for an inline IPS? It seems like the only
place other than the boarder where I can get any concentrated traffic,
but at the border I cant get internal traffic.
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
See link for Network design, design for redundancy and speed.
these boxes are routers and links are 10gb.
different network segements will be hanging off of the 4 routers at
the bottom.
There will be an IPS higher up in the mix between the 2 top routers
and the internets as well as other stuff.
Main corporate network will be hanging off each of the 4 bottom switches.
So the goal is to monitor internal traffic between 4 network segments.
Idea of Cisco module IDS in the 2 top routers is scratched.
So what about in-line IPS on each of the links between the 4 routers
and the 2?
ISS has the GX6116 that runs at 6gb in filtering mode, 15gb non
filtering, hehe.
Sourcefire just sent me an email about their 10gb solution, but I dont
know if it has as many ports as the ISS box.
Is this even a good location for an inline IPS? It seems like the only
place other than the boarder where I can get any concentrated traffic,
but at the border I cant get internal traffic.
Any suggestions?
Saludos
Albert
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
[ reply ]