Hi. Unfortunately I do not have experience in implementing IPS on 10g links, however I've been researching IBM appliances (ISS+Proventia). In practice they cannot do deep inspection by signature patterns in protocols which are higher than the transport layer (i.e. checking for exploit code) at even several G speed. Not sure if they just skip checks for packets or if it will become a bottleneck in case you try to force all packets to be checked. You should talk with IBM specialists about what set of features will be available at that speed.

2008/3/14, Albert R. Campa <[EMAIL PROTECTED]>:
> ttp://uploader.futbolmex.net/files/1/network.JPG
>
> See link for Network design, design for redundancy and speed.
>
> these boxes are routers and links are 10gb.
>
> different network segments will be hanging off of the 4 routers at
> the bottom.
>
> There will be an IPS higher up in the mix between the 2 top routers
> and the internets as well as other stuff.
>
> Main corporate network will be hanging off each of the 4 bottom switches.
>
> So the goal is to monitor internal traffic between 4 network segments.
>
> Idea of Cisco module IDS in the 2 top routers is scratched.
>
> So what about in-line IPS on each of the links between the 4 routers
> and the 2?
> ISS has the GX6116 that runs at 6gb in filtering mode, 15gb non
> filtering, hehe.
> Sourcefire just sent me an email about their 10gb solution, but I don't
> know if it has as many ports as the ISS box.
>
> Is this even a good location for an inline IPS? It seems like the only
> place other than the border where I can get any concentrated traffic,
> but at the border I can't get internal traffic.
>
> Any suggestions?
>
> Saludos
>
> Albert
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------

--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
