Placing IDS and IPS

Unanswered Question
Feb 7th, 2008


Kindly brief about placement of NIDS in a bank network scenario and IPS placement also...

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
sureshkum Wed, 02/13/2008 - 06:15


Kindly brief about placement of NIDS in a bank network scenario and IPS placement also..

mhellman Wed, 02/13/2008 - 08:05

You didn't get an answer because the question is too vague. I think that banks have different requirements depending on their size. As I recall, there can be different regulatory bodies involved (OTS vs OCC) based on size.

I would say at a minimum you should have IDS/IPS at all perimeter points. A bank should probably also have some sort of IDS/IPS protecting servers (Network and/or Host based).

You might take a peek here for some more high-level info:

ccie16351 Sun, 02/17/2008 - 12:21


I am having the same question, where to place the IPS at the Bank's Internet Zone (e-service/e-trade) for on-line banking.

The way I see it, placing the IPS in-line behind the firewall (high sec)is much better than placing it ahead of the front-end firewall (low Sec). That's would save security monitoring team a lot of time decoding/reacting to alarms the firewall will supposedly take care of.

Appreciate your advise.



matt_nels Wed, 02/20/2008 - 07:33

Your deployment scheme depends on your setup and requirements. And sometimes it depends the product honestly. There are a lot of variables that you'll need to consider, that we can't help with here.

With that open question though, I'd say NIDS in-line behind the firewall or on the gateways themselves. Now if you have an ActiveScout IPS, you could put that in front of the network and let it do it's thing.


This Discussion