12-13-2009 06:54 AM - edited 03-04-2019 06:57 AM
Hello Guys
let say am using IPS 4240,and i have servers on DMZ,here is it possible to allocates sensors ,1 on inside,and 1 on outside and 1 DMZ and C&C let say on inside..pls advise
Thanks
12-13-2009 09:17 AM
Hello alsayed,
IPS/IDS in mostly deployed on the outside perimeter devices and inside of perimeter devices.
Here is a document on understanding IDS/IPS for Defense in Depth:
HTH
Reza
12-13-2009 09:28 AM
Hello riza
what about the sensing in DMZ?i have i-banking server in the dmz,,do i need to iniate a sensing in DMZ?pls explain
Thanks
12-13-2009 10:14 AM
I think if you protect the outside before even getting to DMZ is good enough. You could add another device in your DMZ, but do you have enough man power to monitor all the devices and go through their logs? Putting a device is not so much of issue, but management and monitoring is.
I have seen when there is too much logs to look at, they don't get look at at all.
Reza
12-13-2009 10:23 AM
hello Riza
as a conclusion,i ll out 1 sensore on the outside and 1 sensor in inside and the c&c also in inside,and the IPS run in inline mode
Pls advise
Thanks
12-13-2009 10:52 AM
Yes, in addition you can also use host based IDS on your end users workstations.
HTH
Reza
12-13-2009 11:46 PM
Thanks for ur Time Freind
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: