Wednesday, August 4, 2010

IPS detection and prevention simultaneously


As vulnerabilities continue to be discovered, the security threats facing enterprise networks grow more and more complicated. Although these attacks can bypass traditional firewalls, an intrusion prevention system (IPS) placed at the network perimeter or inside the internal network can still effectively stop them, protecting servers that have not been patched or that are poorly configured.

An intrusion detection system (IDS) can monitor network traffic and raise alerts, but it does not block attacks. An IPS inspects every data packet closely and immediately decides whether to allow or deny it. The IPS has a set of filters that prevent attacks against various types of vulnerability. When a new vulnerability is discovered, the IPS creates a new filter and brings it under its own control; any malicious attempt to probe that vulnerability is then blocked immediately.

If an attacker exploits weaknesses anywhere from Layer 2 (MAC) to Layer 7 (application), the IPS can detect the attack in the data stream and stop it. Traditional firewalls inspect only Layer 3 or Layer 4 and cannot examine application-layer content.



The IPS packet processing engine is a purpose-built custom integrated circuit that can examine every byte of each packet. In contrast, a firewall's packet filtering does not check every byte and therefore cannot find these attacks. The IPS device uses filters to inspect the entire content of the data stream. All packets are classified, and each filter is responsible for analyzing the packets in its class. Only packets that pass inspection can move on. Classification is based on packet header information, such as source and destination IP addresses, port numbers, and application fields.

Each filter contains a set of rules, and only packets that satisfy those rules are recognized as free of malicious content. To ensure accuracy, the rules are defined very broadly. To classify content in transit, the engine must refer to the packet's parameters and parse them into fields that are meaningful in context. For example, when dealing with buffer overflow attacks, the engine extracts the buffer parameter at the application layer and then evaluates its characteristics to detect whether an attack is present. To prevent an attack from reaching its target, once a data stream is identified as a malicious attack, all packets belonging to that stream are discarded.
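The classify, filter and drop-the-flow sequence described above can be sketched in software. This is an added example, not code from any IPS product: the names `FilterEngine`, `http_long_uri` and `ftp_long_user`, the length limits, and the sample packets are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model: the header fields used for classification, plus payload.
Packet = namedtuple("Packet", "src dst sport dport payload")

def http_long_uri(payload, limit=64):
    """Hypothetical filter: decode the HTTP request line, flag an over-long URI."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) >= 2 and len(parts[1]) > limit

def ftp_long_user(payload, limit=32):
    """Hypothetical filter: flag an FTP USER argument longer than `limit` bytes."""
    line = payload.strip()
    return line.upper().startswith(b"USER ") and len(line) - 5 > limit

# Classification table: the destination port selects which filters see the packet.
FILTERS = {80: [http_long_uri], 21: [ftp_long_user]}

class FilterEngine:
    def __init__(self):
        self.blocked_flows = set()  # flows already identified as malicious

    def process(self, pkt):
        """Return 'forward' or 'drop' for one packet."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow in self.blocked_flows:
            return "drop"  # every later packet of a flagged flow is discarded
        # Assumption: traffic with no matching filter class is forwarded.
        for is_malicious in FILTERS.get(pkt.dport, []):
            if is_malicious(pkt.payload):
                self.blocked_flows.add(flow)
                return "drop"
        return "forward"

def run(packets):
    engine = FilterEngine()
    return [engine.process(p) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("198.51.100.5", "192.0.2.10", 40001, 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    Packet("198.51.100.9", "192.0.2.10", 40002, 80, b"GET /" + b"A" * 200 + b" HTTP/1.1\r\n\r\n"),
    Packet("198.51.100.9", "192.0.2.10", 40002, 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    Packet("198.51.100.5", "192.0.2.10", 40001, 80, b"GET /about.html HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(pkt.src, pkt.sport, verdict)
```

The third sample packet carries harmless content but is still dropped, because its flow was flagged by the packet before it; the unrelated flow from 198.51.100.5 keeps passing.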

Attacks that exploit different system weaknesses require different IPS filters. Some attacks can be detected by filters that match known signatures or patterns. Other attacks, such as buffer overflows, need more complex filters, whose rules are built on protocol and application-level decoders. For multi-flow attacks such as "network sweep" and "packet flood", the IPS needs filters that collect statistical information to detect anomalies.

The filter engine combines pipelining with massively parallel processing hardware and can perform thousands of packet filter inspections simultaneously. Parallel processing ensures that packets pass through the filters continuously and quickly, without affecting speed. This hardware acceleration is important for an IPS, because traditional software solutions must check filters one by one, which greatly reduces system performance.

As a transparent device, the intrusion prevention system is part of the network connection. So that the IPS does not become the weak link in network performance, it needs excellent redundancy and failover mechanisms to ensure that the network keeps running normally when a failure occurs. Besides being a front line of defense, the IPS is also a network cleaning tool that can eliminate malformed packets and non-mission-critical applications, so that network bandwidth is protected. For example, an IPS can block peer-to-peer file-sharing applications used for the illegal transfer of copyrighted files.
