Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: location of an IPS

from [Paul Schmehl] Network Security [Permanent Link]
Subject: Re: location of an IPS
Date: Thu, 20 Oct 2005 09:42:12 -0500
--On Wednesday, October 19, 2005 16:57:57 -0400 Doug Fox <dfox168@hotmail.com> wrote:

I'm sorry for this dumb question, which may have been answered many times.

Where should one place an TippingPoint Unity 50 IPS device?  Behind or in
front of a firewall?

That depends on what you're trying to protect. If you're trying to protect the firewall as well as your network and the IPS can handle the traffic, put it on the outside. If you're trying to protect your network and your firewall isn't having problems, put it on the inside.

Ours is on the inside.

I have a/the TippingPoint behind a Check Point firewall. Even though we
externally and internally port-scanned the firewall and the IPS many
times, the activity log did not contain any record of the "attacks".

What activity log?

Are you saying you're not seeing any hits on TP?

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: TippingPoint and its filters, Paul Schmehl
Next by Date:  Does nSight sample?, jeff-it
Previous by Thread:  Re: location of an IPS, FinAckSyn
Next by Thread:  Re: location of an IPS, ilaiy
Indexes:  [Date] [Thread] [Top] [All Lists]