21 August 2005

IPS Before or After the Firewall

One of the frequent questions in security design is whether to deploy an inline IPS (Intrusion Prevention System) in front of the firewall, i.e. between the firewall and the gateway router, or behind it. Both options are valid; however, if you don't want loads of false positives and noise alerts in your IPS, put it behind the firewall: much of the inbound traffic will be dropped by the firewall policy anyway, so the IPS doesn't have to inspect it. I also prefer this design because firewalls are the more robust systems by nature: most IPS products are hardened Linux servers, while firewalls are often hardware based, so the firewall can better absorb high traffic loads (DoS, DDoS and other unwanted traffic) and block them before they reach the IPS. The trade-off to keep in mind is visibility: an IPS behind the firewall never sees the probes the firewall drops, so the firewall logs remain the only record of scans against blocked ports.
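As an added example (not code from the original post), the following small Python model runs the same constructed traffic sample through both placements. The firewall policy, the IPS signatures, the addresses and the packets are all invented for illustration; the point is to count how many packets and alerts the IPS has to handle in each placement, and how many dropped probes it never sees when it sits behind the firewall.

```python
"""Model of inline IPS placement: in front of or behind the firewall.

Everything here (policy, signatures, addresses, traffic) is constructed
for illustration and is not taken from any real deployment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""


# Constructed perimeter policy: only HTTP/HTTPS to the web server and
# DNS to the resolver are permitted inbound; everything else is dropped.
FIREWALL_ALLOW = {
    ("10.0.1.10", 80, "tcp"),
    ("10.0.1.10", 443, "tcp"),
    ("10.0.1.53", 53, "udp"),
}


def firewall_permits(pkt: Packet) -> bool:
    return (pkt.dst, pkt.dport, pkt.proto) in FIREWALL_ALLOW


# Constructed IPS signatures: (name, destination port, payload substring).
IPS_SIGNATURES = [
    ("sql-injection-attempt", 80, b"' OR 1=1"),
    ("smb-exploit-probe", 445, b"\xff\x53\x4d\x42"),   # "\xffSMB" header
    ("telnet-login-bruteforce", 23, b"login:"),
]


def ips_alerts(pkt: Packet) -> list:
    """Names of all signatures that match this packet."""
    return [name for name, port, needle in IPS_SIGNATURES
            if port == pkt.dport and needle in pkt.payload]


def run(traffic, ips_before_firewall: bool):
    """Return (alert names, packets the IPS inspected, packets delivered).

    The IPS is inline in both cases: a signature match drops the packet.
    """
    alerts, seen, delivered = [], 0, 0
    for pkt in traffic:
        if not ips_before_firewall and not firewall_permits(pkt):
            continue                      # firewall drops it before the IPS
        seen += 1
        hits = ips_alerts(pkt)
        alerts.extend(hits)
        if hits:
            continue                      # inline IPS drops it
        if ips_before_firewall and not firewall_permits(pkt):
            continue                      # firewall drops it after the IPS
        delivered += 1
    return alerts, seen, delivered


def compare(traffic) -> dict:
    before = run(traffic, ips_before_firewall=True)
    after = run(traffic, ips_before_firewall=False)
    return {
        "before": {"alerts": len(before[0]), "seen": before[1], "delivered": before[2]},
        "after": {"alerts": len(after[0]), "seen": after[1], "delivered": after[2]},
        # Probes that only the firewall log will ever show in the "after" design.
        "firewall_dropped": sum(1 for p in traffic if not firewall_permits(p)),
    }


# Constructed traffic sample: a few hand-written packets plus 50 SMB probes
# from a scanning range, standing in for the background noise every
# Internet-facing address receives.
TRAFFIC = [
    Packet("203.0.113.5", "10.0.1.10", 80, "tcp", b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.5", "10.0.1.10", 80, "tcp", b"GET /login?u=admin' OR 1=1-- HTTP/1.1"),
    Packet("198.51.100.7", "10.0.1.10", 445, "tcp", b"\x00\x00\x00\x85\xffSMBr"),
    Packet("198.51.100.7", "10.0.1.10", 23, "tcp", b"login: root"),
    Packet("198.51.100.7", "10.0.1.20", 445, "tcp", b"\x00\x00\x00\x85\xffSMBr"),
    Packet("192.0.2.9", "10.0.1.53", 53, "udp", b"\x12\x34\x01\x00\x00\x01"),
] + [Packet(f"192.0.2.{i}", "10.0.1.10", 445, "tcp", b"\xffSMB") for i in range(1, 51)]


if __name__ == "__main__":
    import json
    print(json.dumps(compare(TRAFFIC), indent=2))
```

With the sample above both placements deliver the same two legitimate packets, but the IPS in front of the firewall inspects all 56 packets and raises 54 alerts, almost all of them on SMB probes the firewall would have dropped anyway; behind the firewall it inspects 3 packets and raises the one alert that matters (the SQL injection attempt on the permitted web port). The `firewall_dropped` count (53) is what the IPS no longer sees in the second design, which is why the firewall's own logging still has to be kept and reviewed.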