You didn't get an answer because the question is too vague. I think that banks have different requirements depending on their size. As I recall, there can be different regulatory bodies involved (OTS vs OCC) based on size.
I would say at a minimum you should have IDS/IPS at all perimeter points. A bank should probably also have some sort of IDS/IPS protecting servers (Network and/or Host based).
You might take a peek here for some more high-level info:
I am having the same question, where to place the IPS at the Bank's Internet Zone (e-service/e-trade) for on-line banking.
The way I see it, placing the IPS in-line behind the firewall (high sec)is much better than placing it ahead of the front-end firewall (low Sec). That's would save security monitoring team a lot of time decoding/reacting to alarms the firewall will supposedly take care of.
Your deployment scheme depends on your setup and requirements. And sometimes it depends the product honestly. There are a lot of variables that you'll need to consider, that we can't help with here.
With that open question though, I'd say NIDS in-line behind the firewall or on the gateways themselves. Now if you have an ActiveScout IPS, you could put that in front of the network and let it do it's thing.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...