NAC Vs IPS/IDS

mvsheik123
Level 7

Hi All,

One of the clients has multiple locations. Each location has its own Internet access. The main and DR datacenters have ASA5510s. Remote users use IPSEC RA and Citrix connections (to the main DC, then routed to the internal n/w). What is the best solution, NAC or IDS/IPS, for security? My guess is that, with many Internet access points, the client may need to go for a solution at each location. Also, is there any document which explains the differences between NAC vs IDS/IPS?

TIA

MS


4 Replies

rhermes
Level 7

It entirely depends on what your customer is trying to protect.

NAC will protect your local network from bad/dirty end users. It can enforce requirements for patches, antivirus software, etc. on the hosts.

IDS/IPS is better at enforcing a network traffic policy, protecting your network and users from attacks from the Internet (those that get through the firewall) and dropping undesirable activity coming from hosts (attacks, P2P, etc.).

- Bob

Thank you Bob. So with reference to the network perimeter, if the location has Internet access only (no incoming VPN etc.), do we need the IDS inside or outside the firewall? Also, if a location has 2 entry points via ASAs (L2L VPN & RA VPNs) and the entry point is via a DS3 router (ISP --> DS3 rtr --> ASA1/ASA2 etc.), is an IDS module on the DS3 router sufficient, or do we need to have an AIP-SSM in each ASA?

TIA

MS

I would always place the IPS sensor inside the firewall. That way it will only have to inspect traffic that makes it through the firewall policy, and the alerts the sensor generates will have more value in terms of real intrusions you should be aware of.

If the traffic passing through your DS3 router is encrypted inside a VPN tunnel, a router-based IPS will not be able to inspect the traffic inside the VPN.

You would have to inspect the traffic after it has been decrypted. This could be done in the ASAs or with an external appliance sensor, such as a 4240.

- Bob

Thanks Bob. Also, another question: how can the client record/track any misuse of user access to personal email, e.g. if a user goes to his 'hotmail' / 'gmail' and attaches some company-related information files from his PC/file servers? Do we need a net VCR (like Niksun) for this? Also, if that is the case, day-to-day activity needs lots of storage for that.

Thank you for your time.

MS
