Placement of IDS & IPS, Inside or Outside?

Mokhalil82
Level 4
Level 4

Hi 

I have an IDS and an IPS and am now deciding where they should be placed: IDS inside and IPS outside the firewall, or vice versa. I've read various pros and cons but would like to get some advice from people who have placement experience.

 

Thanks

1 Accepted Solution (jeremyNLSO's reply below)

4 Replies

ArchiTech89
Level 1
Level 1

Hello,

What products are you talking about? Do you have Cisco's ASAs (Adaptive Security Appliances)?

 

ArchiTech89
CCNA Routing & Switching, CCNA Security
MCITP, MCTS
Berlin, Germany

Hi

Sorry, I should have mentioned: it's Cisco ASAs.

 

The ASA is a firewall that has the IDS/IPS functionality in addition to other things -- hence a "security appliance."

As a firewall, the ASA device is placed on the network edge, that is, likely as the first device inside the WAN connection (bridge, modem), though sometimes it makes sense to have a router on the outside especially if there are multiple connections to ISPs for redundancy, load balancing, or Quality of Service implementations.

What model of ASA are we talking about?

IDS/IPS functionality occurs inside the device -- there's a "module" that's internal to the device that handles the duties. In the case of IPS, it will prevent malicious traffic from entering your organization's network (the often-called inside network). In the case of IDS, it will just flag the traffic and issue a warning through whatever means have been configured. These correspond loosely to inline mode and promiscuous mode respectively.

I'm no expert, but I hope I've been able to help answer your original question...

jeremyNLSO
Berlin, Germany

 

ArchiTech89
CCNA Routing & Switching, CCNA Security
MCITP, MCTS
Berlin, Germany
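The "inline mode" versus "promiscuous mode" distinction in the reply above is set per traffic class in the ASA's Modular Policy Framework. The configuration below is an added example, not taken from this thread or from Cisco documentation; it assumes an ASA 5500-series appliance with an IPS module (AIP-SSM or IPS SSP), the interface names `inside` and `outside`, and constructed sample addresses from documentation ranges. The same class is shown twice, once sent to the module inline (IPS behaviour, the module can drop packets) and once promiscuous (IDS behaviour, the module sees a copy and can only alert). Because the ASA applies its access lists before handing a flow to the module, the sensor only ever inspects traffic the firewall already permits, which is why "inside the device" effectively means inside the firewall.

```cisco
! Added example (not from the thread). Assumes ASA 5500 with an IPS module.
! Addresses are constructed samples (TEST-NET-3 / RFC 1918).
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Traffic class handed to the module. The firewall ACLs run first, so the
! sensor only sees flows the ASA has already allowed.
class-map IPS_TRAFFIC
 match any
!
! Option A: IPS behaviour. The module sits in the forwarding path and can
! drop a packet before it reaches the inside network. fail-open keeps
! traffic flowing if the module fails; use fail-close where a silent
! bypass is a worse outcome than an outage.
policy-map global_policy
 class IPS_TRAFFIC
  ips inline fail-open
!
! Option B: IDS behaviour (commented out; use instead of Option A). The
! module receives a copy of each packet and can only raise an alert; the
! original packet has already been forwarded.
! policy-map global_policy
!  class IPS_TRAFFIC
!   ips promiscuous fail-open
!
service-policy global_policy global
```

Verify which mode is active with `show service-policy global` and the module status with `show module`; a class that shows `ips: card status Up, mode inline` is blocking, while `mode promiscuous` is monitoring only.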

Thanks Jeremy, very helpful
