cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
735
Views
4
Helpful
4
Replies

Placing IDS and IPS

sureshkum
Level 1
Level 1

Hi,

Kindly brief about placement of NIDS in a bank network scenario and IPS placement also...

4 Replies 4

sureshkum
Level 1
Level 1

Hi,

Kindly brief about placement of NIDS in a bank network scenario and IPS placement also..

You didn't get an answer because the question is too vague. I think that banks have different requirements depending on their size. As I recall, there can be different regulatory bodies involved (OTS vs OCC) based on size.

I would say at a minimum you should have IDS/IPS at all perimeter points. A bank should probably also have some sort of IDS/IPS protecting servers (Network and/or Host based).

You might take a peek here for some more high-level info:

http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.html

Hi,

I am having the same question, where to place the IPS at the Bank's Internet Zone (e-service/e-trade) for on-line banking.

The way I see it, placing the IPS in-line behind the firewall (high sec)is much better than placing it ahead of the front-end firewall (low Sec). That's would save security monitoring team a lot of time decoding/reacting to alarms the firewall will supposedly take care of.

Appreciate your advise.

Thanks

Sami

matt_nels
Level 1
Level 1

Your deployment scheme depends on your setup and requirements. And sometimes it depends the product honestly. There are a lot of variables that you'll need to consider, that we can't help with here.

With that open question though, I'd say NIDS in-line behind the firewall or on the gateways themselves. Now if you have an ActiveScout IPS, you could put that in front of the network and let it do it's thing.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: