Which option is the most effective placement of an IPS device within the infrastructure?
A. Inline, behind the Internet router and firewall
B. Inline, before the Internet router and firewall
C. Promiscuously, after the Internet router and before the firewall
D. Promiscuously, before the Internet router and the firewall
Answer: A
Explanation:
Firewalls are generally designed to be on the network perimeter and can handle dropping a lot of the non-legitimate traffic (attacks, scans, etc.) very quickly at the ingress interface, often in hardware.
An IDS/IPS, generally speaking, does deeper packet inspection, and that is a much more computationally expensive undertaking. For that reason, we prefer to filter what gets to it with the firewall line of defense before engaging the IDS/IPS to analyze the traffic flow.
Source: https://supportforums.cisco.com/discussion/12428821/correct-placement-idsips-networkarchitecture