Doug,
If your IPS can provide DDoS protection in addition to the Malicious Content
protection you should place the IPS in front of the Checkpoint FW in order
to also protect the FW from the DDoS attacks.
If your IPS can only provide Malicious Content protection, you should place
it behind the FW.
Note: I work for a company that is also selling IPS.
Kyriacos (Ken) Georgiades
Senior Director, Product Line Management
Top Layer Networks, Inc
Tel: 508 870 1300 x 231
Cell: 508 783 5988
Fax: 508 870 9797
Email: kgeorgiades@toplayer.com
www.toplayer.com
-----Original Message-----
From: Doug Fox [mailto:dfox168@hotmail.com]
Sent: Wednesday, October 19, 2005 4:58 PM
To: focus-ids@securityfocus.com
Subject: location of an IPS
I'm sorry for this dumb question, which may have been answered many times.
Where should one place an TippingPoint Unity 50 IPS device? Behind or in
front of a firewall?
I have a/the TippingPoint behind a Check Point firewall. Even though we
externally and internally port-scanned the firewall and the IPS many times,
the activity log did not contain any record of the "attacks".
What am I missing here? Any pointers are appreciated.
Thanks,
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
