NAC Vs IPS/IDS

Hi All,

One of our clients has multiple locations. Each location has its own Internet access. The main and DR datacenters have ASA5510s. Remote users use IPsec RA and Citrix connections (to the main DC, then routed to the internal n/w). What is the best solution, NAC or IDS/IPS, for security? My guess is that with many Internet access points, the client may need to go for a solution at each location. Also, is there any document which explains the differences between NAC and IDS/IPS?

TIA

MS

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: NAC Vs IPS/IDS

I would always place the IPS sensor inside the firewall. That way it will only have to inspect traffic that makes it through the firewall policy, and the alerts the sensor generates will have more value in terms of real intrusions you should be aware of.

If the traffic passing through your DS3 router is encrypted inside a VPN tunnel, a router-based IPS will not be able to inspect the traffic inside the VPN.

You would have to inspect the traffic after it has been decrypted. This could be done in the ASAs or with an external appliance sensor, such as a 4240.

- Bob
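The two points in the accepted answer (a sensor inside the firewall sees only policy-permitted traffic, and a router-based IPS cannot see inside an IPsec tunnel) can be shown with a small simulation. This is an added example, not code from the thread or from Cisco; the addresses, firewall policy, flow records and the two substring "signatures" are all constructed for illustration, and the names `Flow`, `firewall_permits`, `match_signature` and `run_sensor` are hypothetical:

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ASA_OUTSIDE = "198.51.100.1"   # constructed ASA outside address (RFC 5737 test range)
DMZ_WEB = "198.51.100.10"      # constructed public web server behind the ASA


@dataclass
class Flow:
    src: str
    dst: str
    proto: str             # "tcp", "udp" or "esp"
    dport: Optional[int]   # None for ESP, which has no ports
    payload: str           # application payload; for ESP, the cleartext carried inside the tunnel
    encrypted: bool = False


def firewall_permits(f: Flow) -> bool:
    """Constructed ASA outside policy: web to the DMZ host, IKE/ESP to the ASA itself, nothing else."""
    if f.proto == "tcp" and f.dst == DMZ_WEB and f.dport in (80, 443):
        return True
    if f.proto == "esp" and f.dst == ASA_OUTSIDE:
        return True
    if f.proto == "udp" and f.dst == ASA_OUTSIDE and f.dport in (500, 4500):
        return True
    return False


# Constructed, deliberately naive substring signatures; a real sensor uses far richer matching.
SIGNATURES = {
    "UNION SELECT": "sql-injection",
    "cmd.exe": "webshell-probe",
}


def match_signature(payload: str) -> Optional[str]:
    for needle, name in SIGNATURES.items():
        if needle in payload:
            return name
    return None


def run_sensor(flows: List[Flow], placement: str) -> Tuple[List[Tuple[str, str]], int]:
    """Return (alerts, opaque_flow_count) for a sensor at the given placement.

    "outside": router-based IPS or a sensor on the ASA outside interface. It sees
               every flow before the firewall policy, and ESP bodies are ciphertext
               to it, so those flows are counted as opaque and produce no alert.
    "inside":  AIP-SSM or an appliance behind the firewall. It sees only flows the
               policy permits, after the ASA has terminated the tunnel, so the
               cleartext inside the VPN is inspectable.
    """
    alerts: List[Tuple[str, str]] = []
    opaque = 0
    for f in flows:
        if placement == "inside":
            if not firewall_permits(f):
                continue                # dropped by the ASA; never reaches the sensor
            payload = f.payload         # tunnel already decrypted on the ASA
        elif placement == "outside":
            if f.encrypted:
                opaque += 1
                payload = ""            # nothing a router IPS can match on
            else:
                payload = f.payload
        else:
            raise ValueError(f"unknown placement {placement!r}")
        sig = match_signature(payload)
        if sig:
            alerts.append((f.src, sig))
    return alerts, opaque


# Constructed flow records: an Internet scan the policy drops, a web attack the policy
# permits, two remote-access VPN sessions (one carrying a probe), and a benign HTTPS request.
FLOWS = [
    Flow("203.0.113.7", DMZ_WEB, "tcp", 23, "cmd.exe"),
    Flow("203.0.113.7", DMZ_WEB, "tcp", 80, "GET /?id=1 UNION SELECT ..."),
    Flow("192.0.2.44", ASA_OUTSIDE, "esp", None, "GET /admin/cmd.exe", encrypted=True),
    Flow("192.0.2.45", ASA_OUTSIDE, "esp", None, "citrix session data", encrypted=True),
    Flow("203.0.113.9", DMZ_WEB, "tcp", 443, "GET /index.html"),
]

if __name__ == "__main__":
    for placement in ("outside", "inside"):
        alerts, opaque = run_sensor(FLOWS, placement)
        print(f"{placement:8s} alerts={alerts} opaque_flows={opaque}")
```

Run as written, the outside sensor raises an alert for the telnet probe that the ASA would have dropped anyway (noise) and sees two opaque ESP flows; the inside sensor drops that noise and instead catches the probe carried inside the remote-access tunnel, which is the case the answer says a router-based IPS will miss.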

4 REPLIES
Gold

Re: NAC Vs IPS/IDS

It entirely depends on what your customer is trying to protect.

NAC will protect your local network from bad/dirty end users. It can enforce requirements for patches, antivirus software, etc. on the hosts.

IDS/IPS is better at enforcing a network traffic policy, protecting your network and users from attacks from the Internet (those that get through the firewall) and dropping undesirable activity coming from hosts (attacks, P2P, etc.).
- Bob

Re: NAC Vs IPS/IDS

Thank you Bob. So with reference to the network perimeter, if the location has Internet access only (no incoming VPN etc.), do we need the IDS inside or outside the firewall? Also, if the location has 2 entry points via ASAs (L2L VPN & RA VPNs) and the entry point is via a DS3 router (ISP --> DS3 rtr --> ASA1/ASA2 etc.), is an IDS module on the DS3 router sufficient, or do we need an AIP-SSM in each ASA?

TIA

MS

Re: NAC Vs IPS/IDS

Thanks Bob. Also, another question: how can the client record/track any misuse of user access to personal email, e.g. if a user goes to his Hotmail/Gmail and attaches some company-related files from his PC/file servers? Do we need a net VCR (like Niksun) for this? Also, if that is the case, day-to-day activity needs lots of storage for that.

Thank you for your time.

MS
