Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
748
Views
0
Helpful
2
Replies

is IPS same as IDS

Kuldeep singh
Level 1
Level 1

‎06-15-2013 05:02 AM - edited ‎03-10-2019 05:58 AM

Hi Experts,

I have some confusion with IPS(intrusion prevention system) so plz provide suggestion on given below queries:

1. what would be the IPS placement as per your opinion ( is it placed before Firewall or after Firewall) ?

    Router------>Firewall--------->IPS--------> Switch

    Router------>IPS----------->Firewall------> Switch

2. can i use IPS device without IDS in our Network?

3. Cisco IPS 4260 is IPS only  or  IPS+IDS  ?

KS

Labels:
0 Helpful
2 Replies 2

Andrew Phirsov
Level 7
Level 7

‎06-15-2013 10:03 AM

1. When talking about enterprise networks, It's ususally better to put IPS behind the firewall. In this case all the basig rough filtering is done by the firewall and a lot less unnesessary load goes to the IPS , where it could perform all the smart application inspection and filtering on already partially filtered by firewall traffic.

2. Surely you can. IPS and IDS is not what they are, but how they are applied. One device may act as IPS, when it's inserted in the traffic flow (inline) or as IDS, where it sits apart from the traffic flow, but traffic is directed to it for inspection (SPAN/RSPAN), for example. In both cases all the same signatures and rules are used for inspection, but in first case IPS has more direct control on the flow of traffic when compared to IDS.

3. Answer 2 is applicable to 4260 as to most other cisco and not cisco censors.

0 Helpful

Seeker123_2
Level 1
Level 1

‎06-20-2013 02:42 AM

Best topology is to put the ips behind the firewall, like that you'll have only a small percentage of traffic to inspect.

Normally the traffic that the firewall has permitted to enter in their polices.

It will save resources on the IPS and reduce the scope of analysis and the scope of signatures needed.

IPS and IDS are basically the same, the difference is mostly if they're in line or not and if they have a more passive role or more active role in your network.

Ex: In the IDS used to be putted in a span port in a switch making more difficult to stop an attack but causing less latency / intromission in the network.

Best Regards
Hugo Rodrigues

Best Regards Hugo Rodrigues
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card