topic Need to have a IDS/IPS system for LAN Users in Network Security

Need to have a IDS/IPS system for LAN Users

littlespace — Tue, 26 Mar 2019 00:20:34 GMT

Hi,

I need to have a IDS/IPS for my local users in my network. we have 3xcisco 6509 in access layer switch with 4 VLANS and I am looking for a system to detect activities like Port scan, IP scan and ,... in local network from the workstations.

Please advise me.

Thanks,

Mike

Need to have a IDS/IPS system for LAN Users

Julio Carvajal — Mon, 22 Oct 2012 23:54:24 GMT

Hello,

Please check the following link so you can have a better understanding about the performance capacity of the IPS sensors.

Based on that you can choose the solution you can implement but that will depend on how many data traverse your network.

Hope this helps,

Remember to rate all of the helpful posts

Julio

Need to have a IDS/IPS system for LAN Users

littlespace — Tue, 23 Oct 2012 03:12:37 GMT

I need to have 1Gbps IPS. I have checked Juniper IDP 800 and Cisco IPS 4360. which one is better?

any thought?

Thanks,

Mike

Need to have a IDS/IPS system for LAN Users

Julio Carvajal — Tue, 23 Oct 2012 16:07:58 GMT

Hello,

I forget to post the link.

Here you go:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/ps9157/product_data_sheet09186a008014873c_ps4077_Products_Data_Sheet.html

IPS 4260 rocks man, I am used to work with the IPS sensors so I can tell you they will provide you as much granularity as you want

They support a way extended range of features that will provide a dynamic protection to your company,

Remember to rate all of the answers. that is as important as a thanks for the community.

Need to have a IDS/IPS system for LAN Users

littlespace — Tue, 23 Oct 2012 16:23:00 GMT

Thank you Julio,

I have 3x Cisco 6509 and 1 Internet Router. I am really confuse of putting the IPS device in between of those devices.

Should I connect each switch's uplinks directly to the IPS device and then from IPS to the other Switch?

Please advise.

Thanks,

Mike

Need to have a IDS/IPS system for LAN Users

Julio Carvajal — Tue, 23 Oct 2012 16:41:06 GMT

Hello,

There are several ways to implement the IPS,

The question is do you want to have it inline or on promiscous mode?

If inline you could have it as an inline interface pair, inline vlan pair, inline vlan groups.

Regards,

Need to have a IDS/IPS system for LAN Users

littlespace — Tue, 23 Oct 2012 16:50:55 GMT

I am thinking of IDS mode with SPAN my VLAN traffics to the IPS/IDS device.

is it a good idea to SPAN the VLANs?

like (config)#monitor session 1 source vlan 10

Need to have a IDS/IPS system for LAN Users

Julio Carvajal — Tue, 23 Oct 2012 17:02:48 GMT

Hello,

Span vlans is good, no problem at all but I would recommend 100% to go for the IPS mode instead of IDS. Way more secure and restrictive,

Regards

Need to have a IDS/IPS system for LAN Users

littlespace — Tue, 23 Oct 2012 17:45:42 GMT

if I go with IPS mode and connect switch uplinks to the IPS then I can not monitor local VLAN traffic on each switch. becuse I do not have Core switch in the network and each vlan traffic will stay on the switches and will not pass the uplinks.

Need to have a IDS/IPS system for LAN Users

Julio Carvajal — Tue, 23 Oct 2012 17:47:36 GMT

Hello,

No problem as you can SPAN the sessions on specific ports to the port going to the IPS.

Please check the configuration for each of the modes I presented before:

inline interface pair, inline vlan pair, inline vlan groups.

Need to have a IDS/IPS system for LAN Users

littlespace — Tue, 23 Oct 2012 17:52:15 GMT

can I span 3 vlan to 1 port which is connected to the IPS?

also I think I am going with Juniper IDP 800 becuse it is cheaper than cisco.

Thanks,

Mike

Need to have a IDS/IPS system for LAN Users

Julio Carvajal — Tue, 23 Oct 2012 18:10:40 GMT

Hello,

Regarding one being cheaper than the other I cannot argue on that one

Now one will provide more features and protection than the other one but yes if you think that with the other IPS you will be good then you are set to go

Last but not least here are some links I think will help you regarding the IPS deployment ( 3 vlans ---- Inline vlan group deployment)

https://supportforums.cisco.com/message/3727610#3727610

http://securiosity.blogspot.com/2011/01/cisco-ips-vlan-groups.html

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_interfaces.html#wp1063187

http://popravak.wordpress.com/2012/03/30/cisco-ips-scenario-three-inline-vlan-pairs/

Regards,

Julio

Need to have a IDS/IPS system for LAN Users

littlespace — Tue, 23 Oct 2012 19:09:54 GMT

You are awesome! Thanks for your help.

Need to have a IDS/IPS system for LAN Users

Julio Carvajal — Tue, 23 Oct 2012 19:34:46 GMT

Hello,

Glad I could help

Have a great day ( thanks for the comments and rating )

Julio