I have a web application (Apache, PHP, MySQL) running on two servers in a data center. One server runs Apache and PHP, and the other runs MySQL (separated for security). They are both behind a firewall (ASA 5505). The MySQL server is on the internal VLAN, and the Apache server is on the DMZ.
Since the ASA 5505 (with the Security Plus license) is the only protection for the web application, I was interested in adding some sort of Intrusion Prevention/Detection. I am torn between purchasing the AIP-SSC Intrusion Prevention module for the ASA 5505 and just buying a good piece of hardware (likely a Dell server) to run Untangle on.
My two main concerns are:
1. I am worried that a separate server (with dual NICs running Untangle) would not be as reliable in terms of crashing/hardware failure as the ASA 5505 would be after adding the IDS module to it. Please correct me if I am wrong here.
2. I'm wondering if Untangle would protect as well from attacks such as DDoS, etc. as the ASA module would. Any input here would be great as well.
In the past, I have run IPCop on a cheap box with cheap hardware and have had mixed results (hardware failures), but the results might be better if I were to get better, more reliable hardware.
The ASA module runs about $1200 plus yearly licensing fees (a lot more $/year), while I would imagine I could get a cheap but reliable server for around $800.
Any suggestions or input on this matter would be appreciated.