Need to have an IDS/IPS system for LAN Users

Hi,

I need to have an IDS/IPS for my local users in my network. We have 3x Cisco 6509 access-layer switches with 4 VLANs, and I am looking for a system to detect activities like port scans, IP scans and ... in the local network from the workstations.

Please advise me.

Thanks,

Mike

3 ACCEPTED SOLUTIONS

13 REPLIES

Need to have an IDS/IPS system for LAN Users

Hello,

Please check the following link so you can have a better understanding of the performance capacity of the IPS sensors.

Based on that you can choose the solution you can implement, but that will depend on how much data traverses your network.

Hope this helps,

Remember to rate all of the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Beginner

Need to have an IDS/IPS system for LAN Users

I need to have a 1 Gbps IPS. I have checked the Juniper IDP 800 and the Cisco IPS 4360. Which one is better?

Any thoughts?

Thanks,

Mike

Need to have an IDS/IPS system for LAN Users

Hello,

I forgot to post the link.

Here you go:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/ps9157/product_data_sheet09186a008014873c_ps4077_Products_Data_Sheet.html

IPS 4260 rocks, man. I am used to working with the IPS sensors, so I can tell you they will provide you as much granularity as you want.

They support a way more extended range of features that will provide dynamic protection to your company.

Remember to rate all of the answers; that is as important as a thanks for the community.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Beginner

Need to have an IDS/IPS system for LAN Users

Thank you Julio,

I have 3x Cisco 6509 and 1 Internet router. I am really confused about putting the IPS device in between those devices.

Should I connect each switch's uplinks directly to the IPS device and then from the IPS to the other switch?

Please advise.


Thanks,

Mike

Need to have an IDS/IPS system for LAN Users

Hello,

There are several ways to implement the IPS.

The question is: do you want to have it inline or in promiscuous mode?

If inline, you could have it as an inline interface pair, inline VLAN pair, or inline VLAN groups.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Beginner

Need to have an IDS/IPS system for LAN Users

I am thinking of IDS mode, SPANning my VLAN traffic to the IPS/IDS device.

Is it a good idea to SPAN the VLANs?

Like: (config)#monitor session 1 source vlan 10

Need to have an IDS/IPS system for LAN Users

Hello,

SPANning VLANs is good, no problem at all, but I would recommend 100% going for IPS mode instead of IDS. Way more secure and restrictive.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Beginner

Need to have an IDS/IPS system for LAN Users

If I go with IPS mode and connect the switch uplinks to the IPS, then I cannot monitor local VLAN traffic on each switch, because I do not have a core switch in the network and each VLAN's traffic will stay on the switches and will not pass the uplinks.

Need to have an IDS/IPS system for LAN Users

Hello,

No problem, as you can SPAN the sessions on specific ports to the port going to the IPS.

Please check the configuration for each of the modes I presented before:

inline interface pair, inline VLAN pair, inline VLAN groups.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Beginner

Need to have an IDS/IPS system for LAN Users

Can I SPAN 3 VLANs to 1 port which is connected to the IPS?

Also, I think I am going with the Juniper IDP 800 because it is cheaper than Cisco.

Thanks,

Mike

Need to have an IDS/IPS system for LAN Users

Hello,

Regarding one being cheaper than the other, I cannot argue with that one.

Now, one will provide more features and protection than the other one, but yes, if you think that with the other IPS you will be good, then you are set to go.

Last but not least, here are some links I think will help you regarding the IPS deployment (3 VLANs: inline VLAN group deployment):

https://supportforums.cisco.com/message/3727610#3727610

http://securiosity.blogspot.com/2011/01/cisco-ips-vlan-groups.html

http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_interfaces.html#wp1063187

http://popravak.wordpress.com/2012/03/30/cisco-ips-scenario-three-inline-vlan-pairs/

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post
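Added example, not code from the thread or from Cisco's documentation: a Catalyst 6500 IOS SPAN configuration for the promiscuous (IDS) option discussed above, sending three user VLANs from each 6509 to the sensor. Because, as Mike notes, there is no core switch and intra-VLAN traffic never leaves the switch it is on, the two switches without the sensor use RSPAN to carry their copies over the existing trunks. VLAN numbers 10, 20 and 30, RSPAN VLAN 999, the switch names and the sensor ports GigabitEthernet1/1 and 1/2 are all assumptions.

```cisco
! Added example, not from the thread. Assumed: user VLANs 10, 20, 30;
! the sensor has two sensing ports cabled to Gi1/1 and Gi1/2 of SWITCH-A;
! VLAN 999 is reserved as the RSPAN transport VLAN and is allowed on
! every trunk between the three 6509s.

! --- SWITCH-A (the 6509 the sensor is cabled to) ---
vlan 999
 name RSPAN-TO-IPS
 remote-span
!
! Local SPAN: this switch's three VLANs to sensing port 1.
! "rx" only: with "both", a frame switched between two ports that both
! sit in monitored VLANs is copied twice (ingress and egress) and the
! sensor sees duplicates.
monitor session 1 source vlan 10 , 20 , 30 rx
monitor session 1 destination interface GigabitEthernet1/1
!
! RSPAN destination: copies arriving from SWITCH-B and SWITCH-C land on
! sensing port 2 (a SPAN destination port can belong to only one session,
! hence the second port).
monitor session 2 source remote vlan 999
monitor session 2 destination interface GigabitEthernet1/2

! --- SWITCH-B and SWITCH-C (no sensor attached) ---
vlan 999
 name RSPAN-TO-IPS
 remote-span
!
! RSPAN source: same three VLANs, rx only, into the transport VLAN.
monitor session 1 source vlan 10 , 20 , 30 rx
monitor session 1 destination remote vlan 999

! --- Verification on any of the switches ---
! show monitor session all        (sources, destination, direction)
! show vlan remote-span           (VLAN 999 flagged as RSPAN)
! show interfaces GigabitEthernet1/1 | include drops
```

Two checks worth making before trusting what the sensor reports. First, a SPAN destination port is oversubscribed as soon as the combined traffic of three VLANs exceeds the 1 Gbps sensing port; the switch drops the excess copies silently, so an IDS fed this way sees a sample under load, which is part of why the inline (IPS) deployment is recommended in the thread. Second, a SPAN destination port does not forward normal traffic, so the sensor's management interface must be on a separate, ordinary access port.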

Beginner

Need to have an IDS/IPS system for LAN Users

You are awesome! Thanks for your help.

Need to have an IDS/IPS system for LAN Users

Hello,

Glad I could help.

Have a great day (thanks for the comments and rating).

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC