
Network Intrusion Prevention Security Systems


IPS alone won't secure your enterprise. Find out what lengths you have to go to in order to block network vulnerabilities.

By Leslie O'Neill on March 19, 2007

Today, many companies are finding that an intrusion prevention system (IPS) alone doesn’t provide security tight enough to adequately protect their enterprise. To prevent damage from targeted attacks and increasingly sophisticated threats, companies are adding to their infrastructure a network-based IPS appliance, which monitors traffic flowing across the network to detect and respond to a variety of security threats before they can impact the network. An IPS appliance can stop worms, Trojans, viruses, spyware and other malicious code, and most can also thwart DoS (denial of service) attacks as well as peer-to-peer and VoIP threats.

In general, IPS appliances use either signature-based or protocol analysis-based technology to block these various forms of malware, and they can be deployed either at the perimeter of a network or at the core. They’re designed to sit inline with traffic flows and stop attacks as they happen. Like most pre-emptive forms of security, IPS appliances must be regularly updated with the latest known threats and vulnerabilities based on the latest research – some vendors send updates daily, others weekly, and any trustworthy vendor sends an immediate update to fight a newly discovered attack.

Vendors large and small offer IPS appliances, generally tuned by performance for specific uses: small- and medium-sized businesses, small enterprise, large enterprise, service provider, carrier network, and data center network. The range of speeds is vast, and there is an appliance suitable to any network infrastructure, starting at 50 Mbps and going as high as 5 Gbps. Most use several different methods of detection, including stateful signature detection, protocol and traffic anomaly detection, backdoor detection, IP spoofing detection, DoS detection, Layer 2 detection, rate limiting, IPv6 detection and network honeypot.

Cisco offers its Cisco IPS 4200 Sensors appliances, which come in a 1 Gbps model, a 600 Mbps model, a 250 Mbps model and an 80 Mbps model. From IBM Internet Security Solutions comes the IBM Proventia Network Intrusion Prevention System, with a 2 Gbps version, a 1.2 Gbps version, a 400 Mbps version and two 200 Mbps versions. Juniper Networks offers its eponymously named IDP products, with a 1 Gbps appliance, a 500 Mbps appliance, a 250 Mbps appliance and a 50 Mbps appliance. McAfee’s IntruShield Network IPS appliances come in two 2 Gbps models, a 1 Gbps model, a 600 Mbps model, a 200 Mbps model and a 100 Mbps model. And TippingPoint’s IPS models include a 5 Gbps device, a 2 Gbps device, a 1.2 Gbps device, a 600 Mbps device, two 200 Mbps devices and three 50 Mbps devices.

Even though preventing known – and even unknown – network security threats is the main function of IPS appliances, they can also be used to help satisfy rigorous regulatory and audit requirements. Depending on the device’s reporting capabilities, it can be used to monitor network activity.

 
