How should they architect their solution to achieve the…

A web company is looking to implement an intrusion detection and prevention system into their deployed VPC.
This platform should have the ability to scale to thousands of instances running inside of the VPC.
How should they architect their solution to achieve these goals?


A.
Configure an instance with monitoring software and the elastic network interface (ENI) set to promiscuous
mode packet sniffing to see all traffic across the VPC.

B.
Create a second VPC and route all traffic from the primary application VPC through the second VPC where
the scalable virtualized IDS/IPS platform resides.

C.
Configure servers running in the VPC using the host-based ‘route’ commands to send all traffic through the
platform to a scalable virtualized IDS/IPS.

D.
Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS
platform for inspection.





aws_test

B

A – promiscuous mode is not allowed
C – there is no ‘route’ command
D – The company needs an IPS, so an agent will not work

Steve

There are a LOT of great IPS agent-based solutions out there. (Google is your friend.) The agent sits on the TCP/IP stack and monitors all traffic on the host, preventing access up the stack based upon IDS/IPS rules configured by the server.

The best solution out of this list is agent-based.

Setting up a completely different VPC is kind of overkill.