Is Your Network Proactively Safe?

Tuesday, October 12, 2010

Evandro Rodrigues


Nowadays, enterprises don't have room for network downtime caused by security vulnerabilities, networks being compromised due to infected machines, or other issues caused by inadequate network security.

All of these issues can mean only one thing: Loss of revenue.

These events can also damage a company's reputation, especially for those companies that are required to report such issues to their shareholders and the public.

So, can we proactively protect your network? The answer is Yes, we can!

Let's talk a little about IDS/IPS....

IDS

IDS is the abbreviation for Intrusion Detection System. It is a system that monitors all inbound and outbound network traffic and identifies suspicious activities that may indicate an external or internal attack, the targeting of systems and/or a decrease in network functionality.

But IDS is passive, which means it only monitors attacks, intrusions and exploits, generating alerts and reports.

IPS

IPS is the abbreviation for Intrusion Prevention System.

Like IDS, IPS monitors all inbound and outbound network traffic and identifies suspicious activities that may indicate an external or internal attack, the targeting of systems and/or a decrease in network functionality.

IPS is proactive, which means administrators can assign actions when a symptom is detected.

IPS is an active approach to attacks, intrusions and exploits. It can respond immediately to suspicious activities, like dropping the traffic or sending a TCP Reset to the connection.

Detection Methods

Anomaly Detection: A kind of analysis that considers the behavior of a profile. It looks for patterns that do not match the profile, such as protocol anomalies, statistical anomalies or even environment anomalies (customized).

Denial of Service: Looks for exceeded threshold rates, such as the number of TCP connections, SYN connections per second, and ICMP requests per second; that is, any situation that could degrade a system or network due to a large number of requests.

Signatures: Known attacks are predefined with a unique signature made available by security companies. They need to be frequently updated to be effective.
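The threshold check described under Denial of Service, together with the passive (IDS) versus active (IPS) behavior described earlier, can be sketched as follows. This is an added example, not code from the original article or from any product; the class name, the threshold of 10 SYNs per second and the sample traffic (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class SynRateSensor:
    """Per-source sliding-window SYN counter (hypothetical sensor).

    mode="ids": passive, records an alert and still forwards the packet.
    mode="ips": inline, records an alert and drops the offending packet.
    """

    def __init__(self, threshold, window=1.0, mode="ids"):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.threshold = threshold      # max SYNs allowed per window
        self.window = window            # window length in seconds
        self.mode = mode
        self.seen = defaultdict(deque)  # source -> recent SYN timestamps
        self.alerts = []                # (timestamp, source, observed rate)

    def handle(self, ts, src, flags):
        """Return 'forward' or 'drop' for one packet."""
        if flags != "S":                # only bare SYNs count toward the rate
            return "forward"
        q = self.seen[src]
        q.append(ts)                    # dropped SYNs still count as offered load
        while ts - q[0] >= self.window:
            q.popleft()                 # expire timestamps outside the window
        if len(q) <= self.threshold:
            return "forward"
        self.alerts.append((ts, src, len(q)))
        return "drop" if self.mode == "ips" else "forward"


def constructed_traffic():
    """Constructed sample: one source at 20 SYN/s, one normal client."""
    pkts = [(i * 0.05, "198.51.100.7", "S") for i in range(20)]
    pkts += [(0.2, "192.0.2.10", "S"), (0.25, "192.0.2.10", "A"),
             (1.4, "192.0.2.10", "S")]
    return sorted(pkts)


def run(mode, threshold=10):
    """Replay the sample; return (drops, alerts, alerted sources)."""
    sensor = SynRateSensor(threshold, mode=mode)
    verdicts = [sensor.handle(*p) for p in constructed_traffic()]
    return (verdicts.count("drop"), len(sensor.alerts),
            {src for _, src, _ in sensor.alerts})


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode))
```

Both modes raise the same alerts; only the IPS mode changes what happens to the traffic, which is also why a threshold set too low on an inline sensor drops legitimate connections rather than just producing noisy reports.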

Why do we need IPS?

  • It prevents network-based attacks, like DoS, DDoS, and Reconnaissance;
  • Protects all network devices (routers, firewalls, switches, computers, printers...);
  • A single sensor can protect the entire network;
  • It offers real-time protection;
  • It is an extra layer of protection against attacks and intrusions.

These are just a few reasons to use IPS, but there are many others....

Consider an IPS to proactively protect your network against threats and vulnerabilities.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.