Juniper Networks IDP250 Network Card User Manual


 
IDP Configuration Basics 3
Chapter 1: Planning an Installation
To use an IDP sensor as a passive intrusion detection system without
prevention capabilities, deploy the sensor in passive sniffer mode to monitor
and log network traffic. If the sensor is attached to a network switch, you must
configure the switch to mirror all traffic to that port. The IDP sensor defaults to
sniffer mode.
Active mode—The gateway (inline) mode is active. This mode takes full
advantage of IDP attack prevention capabilities and multimethod detection
mechanisms.
With inline modes, the sensor is directly involved in the packet flow. The
sensor can stop attacks by dropping malicious packets before they reach their
target.
Inline sensors are typically configured in transparent mode. For other inline
modes, see “Advanced Configuration” on page 43.
One step in setting up IDP on your network is to decide on a deployment mode.
Figure 1 and Figure 2 illustrate the possible deployment modes and their primary
advantages and disadvantages.
Figure 1: Sniffer Mode (Passive)
Table 2 lists the advantages and the disadvantages of using the sensor in passive
sniffer mode.
NOTE: For IDP 8200 Release 4.2, only transparent mode is available.
[Figure 1 diagram labels: Internet; Firewall; Hub or Switch (mirror or SPAN port, if a switch); IDP Sensor with MGT port, eth0 (IP 2.2.2.7), eth2 and a straight-through cable; interface addresses IP 2.2.2.1 and IP 1.1.1.1; Management Server (IP 2.2.2.4); User Interface (IP 2.2.2.5); Protected Machines: Server1 (IP 1.1.1.2), Server2 (IP 1.1.1.3) and Server3 (IP 1.1.1.4), each with GW 1.1.1.1.]
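Sniffer mode only detects what the switch actually mirrors, so it is worth checking that every protected machine is visible in both directions on the mirror port. The following is an added example, not part of the Juniper manual: it assumes text output from `tcpdump -n` captured on the port the switch mirrors to, uses the server addresses from Figure 1, and runs on constructed sample lines.

```python
import re
from collections import defaultdict

# Protected machines as labelled in Figure 1 of the manual.
PROTECTED = {"1.1.1.2", "1.1.1.3", "1.1.1.4"}

# Address pair in `tcpdump -n` text output: "IP src[.port] > dst[.port]:"
PAIR = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

# Constructed sample capture (remote hosts use documentation addresses).
SAMPLE = """\
10:00:01.000001 IP 203.0.113.10.51000 > 1.1.1.2.80: Flags [S], seq 1, win 64240, length 0
10:00:01.000200 IP 1.1.1.2.80 > 203.0.113.10.51000: Flags [S.], seq 9, ack 2, win 65160, length 0
10:00:02.000001 IP 203.0.113.11.40000 > 1.1.1.3.22: Flags [S], seq 5, win 64240, length 0
10:00:02.500000 IP 203.0.113.11 > 1.1.1.3: ICMP echo request, id 7, seq 1, length 64
10:00:03.000001 ARP, Request who-has 1.1.1.1 tell 1.1.1.2, length 46
""".splitlines()


def mirror_coverage(lines, protected=PROTECTED):
    """Classify each protected host by the IPv4 traffic directions observed.

    Returns {host: "ok" | "one-way:rx" | "one-way:tx" | "not-seen"}.
    "one-way" usually means the mirror session copies only ingress or only
    egress frames; "not-seen" means the host's port or VLAN is not mirrored
    (or the host was idle during the capture).
    """
    seen = defaultdict(set)
    for line in lines:
        match = PAIR.search(line)
        if not match:
            continue  # non-IPv4 lines (ARP, IPv6, ...) are ignored
        src, dst = match.groups()
        if src in protected:
            seen[src].add("tx")  # packet sent by a protected host
        if dst in protected:
            seen[dst].add("rx")  # packet sent to a protected host
    report = {}
    for host in sorted(protected):
        dirs = seen.get(host, set())
        if dirs == {"tx", "rx"}:
            report[host] = "ok"
        elif dirs:
            report[host] = "one-way:" + next(iter(dirs))
        else:
            report[host] = "not-seen"
    return report


if __name__ == "__main__":
    for host, status in mirror_coverage(SAMPLE).items():
        print(host, status)
```

A host reported as `one-way` or `not-seen` during normal activity is a blind spot for the sensor and should be fixed in the switch's mirror configuration before relying on its logs.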