Do you need an IPS Security?
Let’s define what an IPS is. IPS stands for Intrusion Prevention System, and it provides additional security that firewalls cannot. Firewalls usually have access-list rules that permit traffic based on source and destination networks and services; in other words, they provide port-based security. An IPS device is more sophisticated and can detect and prevent threats in the upper layers. It relies on signatures enabled on the IPS appliance and can detect network anomalies beyond the ports and services passing through the firewall.
Today’s threats can use regular user ports such as HTTP and embed malicious traffic in them. A regular firewall will pass this traffic if its access-list rules have been configured to allow port 80. An IPS device, however, inspects the HTTP traffic further and, based on the signatures that have been enabled, checks whether the traffic should be allowed through. If it sees anomalies, it can detect them and prevent the traffic from passing through.
Some of the actions an IPS can take are raising alerts and alarms, logging, dropping packets, blocking, and resetting the connection. These are active systems, and everything happens in real time. That is the benefit of having an IPS appliance: it helps prevent network threats from spreading across the network.
Note that enabling an IPS comes with a performance cost. If your IPS is a module that resides within the firewall, the firewall may take some performance hit. Alternatively, you can have a standalone IPS that runs in line with the network traffic and sits behind the firewall.
If you’re a small business, you may not need an IPS device, but if you are a medium-to-large enterprise, or have an eCommerce website or a data center/colo facility, an IPS appliance may be worth investing in.
Note that there is also the IDS (Intrusion Detection System). An IDS provides similar functions to an IPS, but it only detects; it does not block, drop, or reset connections. It can be seen as a passive device that just listens to traffic. It is typically less expensive than an IPS.
Once you have an IPS installed, most of the default settings will allow for normal inspection of traffic. You have to let it run for a week to see what the traffic pattern looks like, and you may have to tweak some signatures for it to work well with your traffic. You may also see false positives (alerts on traffic that is benign).
An IPS appliance contains a database of signatures of known attacks, and this database should be kept up to date constantly. Most newer IPS systems have on-demand or live updates from the cloud, which provide ongoing alerts and updates as attacks and threats are happening. These systems also connect to an external threat team or site, which in turn connects to other organizations that have the same systems similarly deployed. These organizations can choose to report threats as they see them, so that the attack data is shared with all the other organizations that subscribe to the site. The nice thing about this is that you are working alongside other organizations to combat attackers. It does come at a price, however, in the form of a subscription you may have to pay for.
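The difference between a port-based firewall, an IDS, and an IPS, together with the signature tuning just described, can be seen in a small model. This is an added example, not code from the original post or from any IPS product; the signatures, signature IDs, addresses, and sample requests are all constructed for illustration.

```python
import re
from dataclasses import dataclass

ACL_PERMIT_PORTS = {80, 443}  # firewall view: destination port only

# Constructed, simplified signatures: (id, description, payload pattern).
SIGNATURES = [
    ("SIG-1", "directory traversal in request line",
     re.compile(rb"^[A-Z]+ \S*\.\./", re.M)),
    ("SIG-2", "oversized header line",
     re.compile(rb"^[^\r\n]{2048,}", re.M)),
]

@dataclass
class Packet:
    src: str
    dport: int
    payload: bytes

def firewall_permits(pkt):
    """Port-based decision: the payload is never examined."""
    return pkt.dport in ACL_PERMIT_PORTS

def inspect(pkt, inline, disabled=frozenset()):
    """Return (verdict, matched signature ids).

    inline=True models an IPS, which can drop; inline=False models an IDS,
    which only alerts. `disabled` holds signatures tuned off after review.
    """
    if not firewall_permits(pkt):
        return "denied-by-acl", []
    hits = [sid for sid, _, rx in SIGNATURES
            if sid not in disabled and rx.search(pkt.payload)]
    if not hits:
        return "pass", []
    return ("drop" if inline else "alert"), hits

# Constructed sample traffic, all of it to a port the ACL allows.
BENIGN = Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n")
SUSPECT = Packet("10.0.0.9", 80, b"GET /../../secret.txt HTTP/1.1\r\nHost: example.com\r\n\r\n")
LONG_COOKIE = Packet("10.0.0.7", 80, b"GET / HTTP/1.1\r\nCookie: s=" + b"a" * 3000 + b"\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("suspect", SUSPECT), ("long cookie", LONG_COOKIE)]:
        print(name, firewall_permits(pkt), inspect(pkt, inline=False), inspect(pkt, inline=True))
    # After review, SIG-2 is judged a false positive for this application.
    print("tuned:", inspect(LONG_COOKIE, inline=True, disabled={"SIG-2"}))
```

The firewall permits all three requests because they target port 80; only payload inspection separates them, and the long-cookie request shows why a signature may need tuning before it is left in blocking mode.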
The post Do you need an IPS Security? appeared first on Accend Networks.