EH-Net
Author Topic: IPS Suggestions  (Read 8779 times)
scucci
« on: July 05, 2009, 05:21:15 PM »

We're currently a small shop and we've been running a large external Intrusion Prevention system by ISS. We're currently a small to medium sized company and we've run into issues with the IPS before. Due to it being external we've had an issue with the way our firewalls are set up running traffic through it. I'm also looking to upgrade my firewall and wanted to know if anyone has had any experience with the Cisco IPS module that comes installed in the ASA. I've taken a few demos of the management and wanted to know if anyone's used it before or has any suggestions. I think for the size of our organization this is something that would fit perfectly. Any thoughts?
dalepearson
« Reply #1 on: July 07, 2009, 09:08:35 AM »

Scucci,

I don't have hands-on experience with the box, as that's not my role anymore. However, I have worked with a customer who had a 5540 deployed and it had a pretty decent throughput for the size of the organisation, and as you say the management interface is graphical and concise, and pretty configurable.

Obviously you will know your organisation, but I would ask Cisco for a demo unit and pop it on your network in learning mode for a while, and then trial it. Proof is in the pudding I will say.

My only observation from experience is that people forget that you need to make good use of the logs, and monitor them accordingly, and also don't forget you need additional license and support in place for the IDS / IPS components in addition.

I will also add that I have had a little look at the Astaro Security Gateway, not in a commercial environment, just in a virtual lab. Not sure on the price comparisons, but again this box has some IPS functionality, as well as some other bits and bobs. You could download the free VM and try it out also.

I think these AIO devices bring real benefit in an SME, so I think you have a few options to review. Just in case I sound like a salesman :) I don't work or have any relationships with Cisco or Astaro. Hope it helps a little.
charlottebandit
« Reply #2 on: July 15, 2009, 06:35:11 PM »

The Cisco IPS modules for the ASAs are pretty good actually. The difference between this setup and another solution that offers "everything" in a box is that you have dedicated resources built into the card which helps A LOT on performance. Automatic updates can be done. The ability to prevent IP Telephony attacks can be done.

Having an IPS in front of a perimeter firewall doesn't make much sense as it's analyzing every packet and payload rather than allowing a firewall to perform analysis based on access rules, inspection engines, threat detection, and possibly VPN connections.

An IDS in front is OK though for forensic evidence collection as long as it's not directly inline. ISS makes good products though.
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
Bane
Guest
« Reply #3 on: August 20, 2009, 12:09:25 PM »

There are cases where having an IPS in front of the firewall makes sense. The most specific is in a hosting situation where you are trying to protect against DoS and DDoS attacks. Firewalls and UTM devices are not designed to protect against denial of service attacks. Most modern IPS devices such as TippingPoint and Top Layer are.
© 2013 The Ethical Hacker Network