Where are they located physically and logically within the network?
Knowledge of your network topology, and where important assets are located, is important for determining IPS device placement. An Intrusion Protection Device must be placed in-line to provide active blocking of malicious or unwanted traffic. Within a physical network (LAN) or logical networks (VLAN), there may be convenient aggregation points, where a multi-port IPS may be used to protect multiple areas & assets. What is the physical connectivity/link speed of the network in key areas, and what is the expected traffic volumes in key areas? The physical layer is a simple consideration, yet it ultimately determines the interface types that must be supported on the chosen IPS. However, do not confuse throughput and link speed: for economical deployments, measure the average and peak traffic on a network link and use an appropriately sized IPS. What protocols are used? Intrusion detection and prevention requires deep packet inspection, and therefore the average size and rate of packets is
