From: Tim (ccie2be@nyc.rr.com)
Date: Sat Oct 15 2005 - 13:03:52 GMT-3
Hi guys,
Since it's possible to enable some IDS functionality in IOS on a perimeter
router, is there any rule of thumb or BEST Practice on the issue of what IDS
functionality should be implemented on a router versus on the IDS itself?
Obviously, if you have both a router and an IDS, all IDS can be implemented
on the IDS itself but I'm wondering if there would be any benefit to
enabling
a few signatures - perhaps those that block DOS attacks - on the router.
Also, when IDS is enabled on a router interface that also has an inbound
acl, which processing takes place first? The IDS or acl?
Any guidance or insight would be greatly appreciated.
TIA, Tim
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3