Intrusion Prevention
Systems: Security’s Silver Bullet?
by Dinesh Sequeira
Posted 7/15/2003; Published 3/2003
Abstract:
Traditionally, firewalls and anti-virus programs try to block attacks, and intrusion detection systems (IDSs) identify attacks as they occur. Such techniques are crucial to network security, but have limitations. A firewall can stop attacks by blocking certain port numbers, but it does little to analyze traffic that uses allowed port numbers. IDSs can monitor and analyze traffic that passes through open ports, but do not prevent attacks.
With the proliferation of sophisticated attacks and the discovery of new vulnerabilities, new methods are needed to protect precious data and network resources. Intrusion prevention systems (IPSs) use new proactive approaches that block attacks before damage is done.
Traditional signature-based intrusion detection systems (IDSs) focus on how an attack works, i.e., trying to detect certain strings. But if an attacker uses IDS evasion techniques, the previously written IDS signatures no longer detect it.
In contrast, IPS focuses on what an attack does--its behavior, which does not change. In addition to using signatures, IPSs use a set of rules to represent either permissible or harmful behavior. Traffic in real time is then compared to the set of rules and either permitted or blocked.
Firewalls, antivirus, IDS and IPS have their place in the security landscape, each with its unique features, and are not competing components. Depending on its business needs, budget constraints and level of risk tolerance, the enterprise must draw up a security policy. That policy will determine the mix of components that needs to be installed to meet security goals.
Intrusion prevention is a generic marketing term. Before purchasing a product, study the detection and prevention mechanisms vendors have implemented vis-à-vis current attack methods. In general, IPS can be considered an evolution of IDS technology. Its proactive capabilities will help to keep networks safer from more sophisticated attacks.
In particular, host-based security is becoming more important today, as enterprise networks’ use of tunneling and encryption puts more content out of the reach of perimeter controls such as firewalls.
Bulletproof security does not exist. Security is a continuous process of monitoring, maintenance and modification. Some attacks could still slip through, and no amount of automation can replace trained and vigilant personnel. Tools like IPS can provide a silver lining if not a silver bullet!
About the author:
Dinesh Sequeira is an independent network consultant specializing in network security and wireless networks.
|
|||||
Return to Business Communications Review Gold Sponsor Archives |
|||||
This article is reproduced by special arrangement with our partner, Business Communications Review. |
Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information. Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site. Please encourage colleagues to download their own copy after registering at http://www.webtorials.com/reg/.