
IPS Suggestions


scucci

Newbie

Posts: 29

Joined: Mon Sep 15, 2008 10:55 am

Post Sun Jul 05, 2009 5:21 pm

IPS Suggestions

We're currently a small shop and we've been running a large external Intrusion Prevention system by ISS. We're currently a small to medium sized company and we've run into issues with the IPS before. Due to it being external we've had an issue with the way our firewalls are set up running traffic through it. I'm also looking to upgrade my firewall and wanted to know if anyone has had any experience with the Cisco IPS module that comes installed in the ASA. I've taken a few demos of the management and wanted to know if anyone's used it before or has any suggestions. I think for the size of our organization this is something that would fit perfectly. Any thoughts?

dalepearson

Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Tue Jul 07, 2009 9:08 am

Re: IPS Suggestions

Scucci,

I don't have hands-on experience with the box, as that's not my role anymore. However, I have worked with a customer who had a 5540 deployed and it had a pretty decent throughput for the size of the organisation, and as you say the management interface is graphical and concise, and pretty configurable.

Obviously you will know your organisation, but I would ask Cisco for a demo unit and pop it on your network in learning mode for a while, and then trial it. Proof is in the pudding I will say.

My only observation from experience is that people forget that you need to make good use of the logs, and monitor them accordingly, and also don't forget you need additional license and support in place for the IDS / IPS components in addition.

I will also add that I have had a little look at the Astaro Security Gateway, not in a commercial environment, just in a virtual lab. Not sure on the price comparisons, but again this box has some IPS functionality, as well as some other bits and bobs. You could download the free VM and try it out also.

I think these AIO devices bring real benefit in an SME, so I think you have a few options to review. Just in case I sound like a salesman :) I don't work for or have any relationships with Cisco or Astaro. Hope it helps a little.

charlottebandit

Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Wed Jul 15, 2009 6:35 pm

Re: IPS Suggestions

scucci wrote: We're currently a small shop and we've been running a large external Intrusion Prevention system by ISS. We're currently a small to medium sized company and we've run into issues with the IPS before. Due to it being external we've had an issue with the way our firewalls are set up running traffic through it. I'm also looking to upgrade my firewall and wanted to know if anyone has had any experience with the Cisco IPS module that comes installed in the ASA. I've taken a few demos of the management and wanted to know if anyone's used it before or has any suggestions. I think for the size of our organization this is something that would fit perfectly. Any thoughts?



The Cisco IPS modules for the ASAs are pretty good actually. The difference between this setup and another solution that offers "everything" in a box is that you have dedicated resources built into the card which helps A LOT on performance. Automatic updates can be done. The ability to prevent IP Telephony attacks can be done.

Having an IPS in front of a perimeter firewall doesn't make much sense as it's analyzing every packet and payload rather than allowing a firewall to perform analysis based on access rules, inspection engines, threat detection, and possibly VPN connections.

An IDS in front is ok though for forensic evidence collection as long as it's not directly inline. ISS makes good products though.
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS

Bane

Post Thu Aug 20, 2009 12:09 pm

Re: IPS Suggestions

charlottebandit wrote:
scucci wrote: We're currently a small shop and we've been running a large external Intrusion Prevention system by ISS. We're currently a small to medium sized company and we've run into issues with the IPS before. Due to it being external we've had an issue with the way our firewalls are set up running traffic through it. I'm also looking to upgrade my firewall and wanted to know if anyone has had any experience with the Cisco IPS module that comes installed in the ASA. I've taken a few demos of the management and wanted to know if anyone's used it before or has any suggestions. I think for the size of our organization this is something that would fit perfectly. Any thoughts?



The Cisco IPS modules for the ASAs are pretty good actually. The difference between this setup and another solution that offers "everything" in a box is that you have dedicated resources built into the card which helps A LOT on performance. Automatic updates can be done. The ability to prevent IP Telephony attacks can be done.

Having an IPS in front of a perimeter firewall doesn't make much sense as it's analyzing every packet and payload rather than allowing a firewall to perform analysis based on access rules, inspection engines, threat detection, and possibly VPN connections.

An IDS in front is ok though for forensic evidence collection as long as it's not directly inline. ISS makes good products though.


There are cases where having an IPS in front of the firewall makes sense. The most specific is in a hosting situation where you are trying to protect against DoS and DDoS attacks. Firewalls and UTM devices are not designed to protect against denial of service attacks. Most modern IPS devices such as TippingPoint and TopLayer are.
