10-01-2008 10:40 AM - edited 03-09-2019 09:36 PM
Hello Everyone,
On a point-to-point circuit from the Telco, is there justification for putting in a firewall and IDS/IPS? Telco is saying "No" but I'm not so sure. Opinions?
All replies rated! Thanks in advance!
10-01-2008 12:08 PM
We're required to follow NIST security policies and P2P circuits do not require encryption/firewall/IPS unless the demarc is not in a secured area. IMO encryption should be enough and a firewall/IPS is not needed (unless you use a FW for encryption).
Hope that helps.
10-02-2008 04:54 AM
Well, first of all I'm assuming that the circuit is to support a connection to another network in your administrative domain (i.e. another one of your company's offices).
It depends on your requirements (including those that come from regulations/expectations/auditors/etc). What kind of traffic will go over the circuit (i.e. how sensitive is it)? Is it already encrypted (depending on where this happens, it can make IDS/IPS superfluous)? I'm not aware of any regulations that specifically require a firewall and/or IDS/IPS or even encryption of sensitive data on "private" networks like frame-relay and point-to-point.
However, if you're in the pharmaceutical business and you have trade secrets you want to protect, you'd probably at least encrypt (IPsec, whatever) and maybe use IDS/IPS and a firewall. A bank might do the same. If you're selling toys and use the link to upload inventory, then you might not.
IMHO, you should assume that your service provider CAN and regularly DOES see your traffic. That's a problem best solved by encryption, not firewall/IDS/IPS.