Because your IPS devices forward traffic inline at Layer 2, they can inspect traffic from numerous protocols to identify attacks against your network. By not forwarding malicious traffic, your Network IPS solution stops that traffic before it reaches the target system. Your IPS also provides the following benefits:
Traffic Normalization

Besides stopping malicious traffic, your IPS devices can prevent various IDS evasion techniques by normalizing the traffic reaching the systems on your network. Some of the attacks that normalizing TCP traffic can prevent include the following:
Normalizing traffic has so far focused on mitigating TCP-based attacks, but the concept applies to many protocols. As IPS software evolves, normalization will cover a larger suite of protocols, making it more difficult for an attacker to evade detection and successfully attack systems on your network.

Security Policy Enforcement

Because your IPS can modify and drop traffic entering your network, it can also enforce your security policy. For example, many applications, such as peer-to-peer software, use a destination port of TCP port 80 because most firewall policies allow this traffic. The firewall might not be able to distinguish HTTP traffic going to TCP port 80 from another program, such as Kazaa, using the same port. With an IPS, you can monitor traffic to TCP port 80 and verify that it complies with RFC 2616, "Hypertext Transfer Protocol -- HTTP/1.1," thus ensuring that your firewall is allowing only HTTP traffic through on TCP port 80. (RFC 2616 has since been superseded, most recently by RFC 9110 and RFC 9112, but the message grammar such a check relies on is largely unchanged.) Keep in mind that this check proves only that the traffic is syntactically HTTP: an application that tunnels its own protocol inside well-formed HTTP requests still passes, so protocol validation complements application-layer signatures rather than replacing them.
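The port 80 check described above, as an added example that is not code from the original text or from any IPS vendor: a small validator that applies the RFC 2616 grammar (token, Request-Line, Status-Line, message-header, the Host requirement for HTTP/1.1 and the 1*DIGIT rule for Content-Length) to the head of a reassembled TCP stream and returns a forward/drop verdict. The function names, the `ips_verdict` policy wrapper and all sample payloads are constructed for this illustration; the binary sample is made-up bytes, not a real peer-to-peer handshake.

```python
import re

# RFC 2616 section 2.2: token = 1*<any CHAR except CTLs or separators>
_TOKEN = r'[^\x00-\x1f\x7f()<>@,;:\\"/\[\]?={} \t]+'
# Request-Line = Method SP Request-URI SP HTTP-Version CRLF (section 5.1)
_REQUEST_LINE = re.compile(r'(' + _TOKEN + r') ([\x21-\x7e]+) HTTP/(\d+)\.(\d+)')
# Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF (section 6.1)
_STATUS_LINE = re.compile(r'HTTP/(\d+)\.(\d+) (\d{3}) ([\x20-\x7e\t]*)')
# message-header = field-name ":" [ field-value ] (section 4.2)
_HEADER = re.compile(r'(' + _TOKEN + r'):([\x20-\x7e\t]*)')


def classify_port80(payload: bytes, to_server: bool = True) -> tuple:
    """Classify the head of a TCP stream seen on port 80.

    Returns ("http", start_line) when the bytes form an RFC 2616 message head,
    otherwise ("not-http", reason). to_server selects request vs. response grammar.
    Bare LF line endings are rejected on purpose; RFC 2616 only says a recipient
    MAY tolerate them, and a normalizing IPS has no reason to.
    """
    head, terminator, _body = payload.partition(b"\r\n\r\n")
    if not terminator:
        return "not-http", "no CRLF CRLF terminating the message head"
    try:
        text = head.decode("ascii")
    except UnicodeDecodeError:
        return "not-http", "non-ASCII byte in message head"
    lines = text.split("\r\n")
    start_line = lines[0]
    pattern = _REQUEST_LINE if to_server else _STATUS_LINE
    m = pattern.fullmatch(start_line)
    if m is None:
        kind = "Request" if to_server else "Status"
        return "not-http", f"malformed {kind}-Line: {start_line!r}"
    version = (int(m.group(3)), int(m.group(4))) if to_server else (int(m.group(1)), int(m.group(2)))

    headers = {}
    last_name = None
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):          # LWS folding continues the previous field-value
            if last_name is None:
                return "not-http", "folded line before any message-header"
            headers[last_name] += " " + line.strip()
            continue
        h = _HEADER.fullmatch(line)
        if h is None:
            return "not-http", f"malformed message-header: {line!r}"
        name, value = h.group(1).lower(), h.group(2).strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
        last_name = name

    if to_server and version == (1, 1) and "host" not in headers:
        return "not-http", "HTTP/1.1 request without Host header (section 14.23)"
    if "content-length" in headers and not headers["content-length"].isdigit():
        return "not-http", "Content-Length is not 1*DIGIT (section 14.13)"
    return "http", start_line


def ips_verdict(payload: bytes, to_server: bool = True) -> str:
    """Policy for TCP port 80: forward only what validates as HTTP, drop the rest."""
    return "forward" if classify_port80(payload, to_server)[0] == "http" else "drop"


# Constructed sample payloads (not real captures), as seen after TCP reassembly.
SAMPLES = {
    "browser GET": (True, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                          b"User-Agent: Mozilla/5.0\r\nAccept: */*\r\n\r\n"),
    "server reply": (False, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                            b"Content-Length: 5\r\n\r\nhello"),
    "HTTP/1.0 without Host": (True, b"GET / HTTP/1.0\r\n\r\n"),   # Host is mandatory only for 1.1
    "HTTP/1.1 without Host": (True, b"GET / HTTP/1.1\r\nAccept: */*\r\n\r\n"),
    "folded header": (True, b"GET / HTTP/1.1\r\nHost: a\r\nX-Note: part one\r\n part two\r\n\r\n"),
    "CTL byte in method": (True, b"GE\x01T / HTTP/1.1\r\nHost: a\r\n\r\n"),
    "non-HTTP binary (made-up bytes)": (True, b"\x00\x00\x00\x12\x9a\x00\xff\x10\r\n\r\n"),
}

if __name__ == "__main__":
    for label, (to_server, payload) in SAMPLES.items():
        kind, detail = classify_port80(payload, to_server)
        print(f"{ips_verdict(payload, to_server):7} {label:32} {kind:8} {detail}")
```

A production sensor applies this to the reassembled stream in both directions and keeps per-connection state for the body that follows the headers; the example deliberately stops at the message head, which is where the HTTP-or-not decision is made.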
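The Traffic Normalization section above says that normalizing TCP traffic defeats IDS evasion but does not spell out how. The following added example (not code from the original text or from any IPS product) takes one standard case, overlapping TCP segments that carry different data for the same sequence numbers, and shows why it is ambiguous and how a first-copy-wins normalizer in the forwarding path removes the ambiguity. The segment contents, the `host_view` and `TcpNormalizer` names and the two host policies are constructed for the illustration; a real normalizer also tracks connection state, sequence wrap and retransmission limits, which are omitted here.

```python
from typing import Dict, List, Tuple

Segment = Tuple[int, bytes]   # (TCP sequence number of first byte, payload)


def _contiguous(buf: Dict[int, int]) -> bytes:
    """Bytes from the lowest buffered sequence number up to the first gap."""
    if not buf:
        return b""
    out, pos = bytearray(), min(buf)
    while pos in buf:
        out.append(buf[pos])
        pos += 1
    return bytes(out)


def host_view(segments: List[Segment], favor_new: bool) -> bytes:
    """Reassemble the way an end host might, with no normalizer in the path.

    favor_new=True keeps the later segment's data where two segments overlap;
    favor_new=False keeps the earlier data. Real TCP stacks differ on this,
    and an IDS that guesses the wrong policy for the target sees a different
    stream than the target does.
    """
    buf: Dict[int, int] = {}
    for seq, data in segments:
        for i, byte in enumerate(data):
            if favor_new or (seq + i) not in buf:
                buf[seq + i] = byte
    return _contiguous(buf)


class TcpNormalizer:
    """Inline first-copy-wins normalizer.

    The first copy of any byte is the one the stream carries; a later
    overlapping copy with different content is rewritten to match before it is
    forwarded and reported as a conflict so the IPS can alert on it. Both the
    protected host and the IPS therefore see the same bytes regardless of the
    host's own overlap policy.
    """

    def __init__(self) -> None:
        self.buf: Dict[int, int] = {}

    def forward(self, seq: int, data: bytes) -> Tuple[bytes, bool]:
        out, conflict = bytearray(data), False
        for i, byte in enumerate(data):
            pos = seq + i
            if pos in self.buf:
                if self.buf[pos] != byte:
                    conflict = True
                    out[i] = self.buf[pos]   # rewrite to the bytes already in the stream
            else:
                self.buf[pos] = byte
        return bytes(out), conflict

    def stream(self) -> bytes:
        return _contiguous(self.buf)


# Constructed evasion attempt: a benign-looking request, then an overlapping
# "retransmission" of bytes 5..14 that substitutes a different URI.
EVASION_SEGMENTS: List[Segment] = [
    (0, b"GET /"),
    (5, b"public.txt HTTP/1.0\r\n\r\n"),
    (5, b"secret.txt"),   # same sequence range as "public.txt", different content
]


def normalized_segments(segments: List[Segment]) -> List[Segment]:
    """The segments as they leave the IPS toward the protected host."""
    norm = TcpNormalizer()
    return [(seq, norm.forward(seq, data)[0]) for seq, data in segments]


if __name__ == "__main__":
    print("favor-old host sees :", host_view(EVASION_SEGMENTS, favor_new=False))
    print("favor-new host sees :", host_view(EVASION_SEGMENTS, favor_new=True))
    norm = TcpNormalizer()
    for seq, data in EVASION_SEGMENTS:
        forwarded, conflict = norm.forward(seq, data)
        print(f"seq={seq:2} forwarded={forwarded!r} conflict={conflict}")
    print("any host behind IPS :", host_view(normalized_segments(EVASION_SEGMENTS), favor_new=True))
```

Without the normalizer the two reassembly policies yield `GET /public.txt` and `GET /secret.txt` from the same packets; with it, the third segment is rewritten on the way through, every host sees `GET /public.txt`, and the conflicting overlap itself is a reportable event.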