Hey there,
For a few days I haven't been able to get this out of my mind. Maybe I'm missing something, but I would like to read your opinions.
Very curious about your answers.
So here is the question:
When a firewall (internet to WAN NIC) is set to default block all, does it make sense to activate IDS/IPS on that interface? I mean there is absolutely nothing exposed through this NIC which would be reachable from the internet.
So my assumption is that all is blocked. Anything. Any port, any protocol, any action from the internet to this dedicated interface. How could an attack happen then? Would IDS/IPS then be needed?
I am not talking about connections from LAN/DMZ to the internet through WAN. All connections there are made internally to the outside, and the stateful firewall keeps the channel open as long as the communication takes.
What do you think?
thanks
A
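An added illustration of the stateful behaviour the question describes (this is example code written for this thread, not from the original poster or any firewall product): a toy default-deny WAN interface that only admits packets matching a session the LAN side opened. Interface names, addresses and the packet trace are all constructed for the example; the addresses are documentation ranges. It shows that "block all inbound" still lets reply traffic for LAN-initiated sessions through the WAN NIC, so the packet stream an IDS/IPS on that interface would inspect is not empty.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One simplified IPv4/TCP packet as seen by the firewall (constructed)."""
    iface: str   # interface the packet arrives on: "lan" or "wan"
    src: str
    sport: int
    dst: str
    dport: int


class DefaultDenyStatefulFirewall:
    """Default-block WAN inbound; LAN-initiated sessions are tracked in a state table."""

    def __init__(self) -> None:
        # (lan_ip, lan_port, remote_ip, remote_port) for every session the LAN opened
        self.sessions: set[tuple[str, int, str, int]] = set()

    def process(self, pkt: Packet) -> str:
        if pkt.iface == "lan":
            # Outbound from LAN: allowed, and the 4-tuple is remembered
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow-out"
        # Inbound on WAN: only replies to a tracked session pass, everything else drops
        reverse_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse_key in self.sessions:
            return "allow-reply"
        return "drop"


# Constructed trace: one LAN-initiated HTTPS session plus two unsolicited WAN packets.
TRACE = [
    Packet("lan", "10.0.0.5", 51000, "192.0.2.10", 443),      # LAN client opens a session
    Packet("wan", "192.0.2.10", 443, "10.0.0.5", 51000),      # server reply to that session
    Packet("wan", "198.51.100.7", 4444, "10.0.0.5", 22),      # unsolicited, no session
    Packet("wan", "192.0.2.10", 443, "10.0.0.5", 51001),      # right peer, wrong client port
]


def run_trace(trace: list[Packet] = TRACE) -> dict[str, int]:
    """Run the trace through the firewall and count verdicts on the WAN interface."""
    fw = DefaultDenyStatefulFirewall()
    counts = {"allow-out": 0, "allow-reply": 0, "drop": 0}
    for pkt in trace:
        counts[fw.process(pkt)] += 1
    return counts


if __name__ == "__main__":
    for verdict, n in run_trace().items():
        print(f"{verdict:12s} {n}")
```

The interesting number is `allow-reply`: those packets arrived on the WAN NIC from the internet and were passed by the state table, not by any allow rule. A "default block all" inbound policy decides which packets reach a state-table lookup, but the reply half of every LAN-initiated connection still crosses that interface, which is the traffic an IDS/IPS bound to it would see.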