
| Subject: | Re: location of an IPS |
|---|---|
| Date: | Thu, 20 Oct 2005 14:29:28 +0100 (BST) |

An IPS should be placed in front of the firewall, to provide complete network protection. However, the Unity 50 is quite low spec - 5,000 connections per second, 5,000 concurrent connections. Bearing in mind most Check Point firewalls have a default connection table size of 40,000 (?) connections, then putting the Unity 50 in front of your firewall would be a bottleneck.

Assuming small packet size (512 bits per packet), then 5,000 of these per second equates to just under 3Mbs. If your Internet feed is less than this, then no problem. If it's higher, then the Unity 50 would not be able to handle a 3Mbs pipe full of small packets. You should really design your perimeter with this worst-case scenario in mind, especially if you have negotiated burst rates with your ISP and your ISP feed can suddenly shoot up in usage.

Port scans should be blocked by the firewall - all irrelevant ports are discarded at this point. I'm not sure how the Unity 50 handles port scans, I haven't played with one yet... ;)

Regards,
Matt

--- Doug Fox <dfox168@hotmail.com> wrote:

I'm sorry for this dumb question, which may have been answered many times.

Where should one place a TippingPoint Unity 50 IPS device? Behind or in front of a firewall?

I have a/the TippingPoint behind a Check Point firewall. Even though we externally and internally port-scanned the firewall and the IPS many times, the activity log did not contain any record of the "attacks". What am I missing here?

Any pointers are appreciated.

Thanks,