Cisco NIPS Deployment

[Figure: network IPS deployment topology. Labels shown: Corporate Network (two segments), Sensor (four), Firewall (two), Management Server, Web Server, DNS Server]

The figure shows a typical network IPS deployment. The key difference between this network IPS deployment example and the previous HIPS deployment example is that there are no CSA agents on the various platforms. In this topology, the network IPS sensors are deployed at the network entry points that protect critical network segments. These segments contain both internal and external corporate resources. The sensors report to a central management and monitoring server located inside the corporate firewall.

The advantages and disadvantages of network IPS are as follows:

■ Advantages of network IPS: A network-based monitoring system has the benefit of easily seeing attacks that are occurring across the entire network. Seeing the attacks against the entire network gives a clear indication of the extent to which the network is being attacked. Furthermore, because the monitoring system is only examining traffic from the network, it does not have to support every type of operating system that is used on the network.

■ Disadvantages of network IPS: Encryption of the network traffic stream can essentially blind network IPS. Reconstructing fragmented traffic can also be a difficult problem to solve. Possibly the biggest drawback to network-based monitoring is that as networks become larger (with respect to bandwidth), it becomes more difficult to place network IPS at a single location in the network and successfully capture all of the traffic. Eliminating this problem requires the use of more sensors throughout the network. However, this solution increases costs.

© 2006 Cisco Systems, Inc. Securing Networks with Cisco IOS IPS 5-21


Responses

  • dieter
    What are the disadvantages or limitations of Cisco NIPS?
    10 days ago
