Summary


Marketing buzzwords are commonplace in the IPS field, and each vendor has a different opinion about what these buzzwords actually represent. This chapter has illustrated two major classifications of intrusion prevention products: host based and network based. Network-based IPS can be classified as external NIPS (point-defense devices that you put in front of an object you want to protect) and switch NIPS (devices into which you plug your network, or part of your network).

External NIPS are primarily iterative improvements to firewalls or IDS systems. Firewall vendors are adding intelligence to their products so that they can stop attacks as they traverse the network, which turns the firewall into a network-based IPS. A similar approach to inline NIPS is to deploy a "switch-like" device between public and private networks that uses stateful packet inspection and IDS techniques to examine and drop malicious traffic. NIPS devices must process traffic at high speeds with low latency while minimizing false negatives and eliminating false positives. Because the device is inline, every false positive means legitimate traffic dropped, and dropped traffic amounts to a denial of service against your own organization.
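To make the last point concrete, here is an added example (not code from the book) that models a toy inline inspector with a minimal state table and one payload signature, and runs it once as a passive IDS and once as an inline NIPS. The signature names, patterns, addresses and HTTP payloads are all constructed for this illustration.

```python
"""Toy stateful inspector: the same over-broad signature only raises an alert
in passive IDS mode, but drops a legitimate request once the device is inline."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str            # "SYN" or "PSH-ACK" (simplified TCP)
    payload: bytes = b""

# Hypothetical signatures (constructed): (name, pattern matched in payload to TCP/80).
BROAD_RULE = ("dir-traversal-anywhere", b"../")          # also hits harmless HTML
NARROW_RULE = ("dir-traversal-in-request-line", b"GET /../")

class Inspector:
    def __init__(self, rule, inline):
        self.rule = rule
        self.inline = inline          # True = NIPS (drop), False = IDS (alert only)
        self.established = set()      # state table keyed on (src, dst, dport)
        self.alerts = []

    def handle(self, pkt):
        """Return the verdict, 'forward' or 'drop', for one packet."""
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.flags == "SYN":                    # simplified: SYN opens state
            self.established.add(key)
            return "forward"
        if key not in self.established:           # data with no known connection
            self.alerts.append(("no-state", key))
            return "drop" if self.inline else "forward"
        name, pattern = self.rule
        if pkt.dport == 80 and pattern in pkt.payload:
            self.alerts.append((name, key))
            return "drop" if self.inline else "forward"
        return "forward"

def run(rule, inline):
    """Verdicts for a legitimate wiki save (body holds a relative link) and a probe."""
    insp = Inspector(rule, inline)
    legit = [Packet("10.0.0.5", "10.0.0.80", 80, "SYN"),
             Packet("10.0.0.5", "10.0.0.80", 80, "PSH-ACK",
                    b'POST /wiki/save HTTP/1.1\r\n\r\nsee <a href="../intro.html">')]
    probe = [Packet("10.0.0.9", "10.0.0.80", 80, "SYN"),
             Packet("10.0.0.9", "10.0.0.80", 80, "PSH-ACK", b"GET /../secret HTTP/1.0\r\n")]
    return [insp.handle(p) for p in legit + probe]
```

With BROAD_RULE inline the legitimate POST is dropped alongside the probe, which is the self-inflicted denial of service the text warns about; the narrower rule keeps the drop confined to the probe.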

Antivirus vendors are adding more IPS protection to their host-based products by expanding their detection of malware and integrating the defensive tools from firewall software. Because they are masters of the art of OS calls, these vendors are well positioned to create HIPS products.

Other IDS vendors are developing personal firewalls and host-based IPS tools that combine system call interception, file-change monitoring, network monitoring, and application behavior analysis to detect known and unknown attacks. These tools have proved beneficial for many organizations, widening the window for deploying the software updates that resolve application and operating system vulnerabilities.

Finally, it is important to remember that IPS technology is only fully effective when it is used by trained analysts who clearly understand the technology's advantages and limitations. IPS is not a replacement for defense in depth, but it is a good way to strengthen the security posture of your organization.



    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    Year: 2005
    Pages: 230