I think you brought up a very good question "if this is the right position for IPS to deploy?"
Here is my 3 cents (2 cents inflation adjusted :))):

1. IPS on 16G and 10G is a classic compromise of speed versus security. Speed, security and cost are the three corners of a triangle, and you can choose only two :).

2. 10 to 16G worth of traffic makes the IDS/IPS a single point of failure, which is really high risk, so you end up buying a hot standby module in any case (even though the IPS is fail open).

3. The other issue is log management and containing the damage due to changes. Let me explain this in a bit more detail. If you are upgrading the software on the IPS, the disruption due to changes will be for the entire network.

4. Even if you want to deploy a 16G/10G solution, current products are not mature enough to provide you peace of mind.

I think you should reassess your requirement and see if you are ok with filtering network-based attacks at the gateway or entry point and having more protocol decode and similar solutions nearer to the host. This will minimize the impact on the infrastructure, and in the long run it may prove more efficient and effective. So I strongly request you to reassess your requirements.

Regards,
Vijay Upadhyaya
BS-7799 Lead Auditor, CISSP, CSGA
Nortel ASF Training Certification
