Traditional firewall solutions provide a necessary first line of defense, but in today's IT environments they are not enough on their own. New attacks exploit weaknesses and failures in specific programs and applications. From the perspective of a traditional firewall these attacks are hidden inside legitimate services (HTTP, email, applications, ...). Detecting application-layer attacks is the job of a second line of defense.
IDS (Intrusion Detection System) devices serve as this second line of defense. They are passive probes that monitor network traffic and can detect suspicious activity. However, an attack is detected only while it is already in progress, and the first few packets always reach the target.
For these reasons the IPS (Intrusion Prevention System) was developed. An IPS is an active device placed "in-line" in the traffic path. It can detect attacks and block them immediately at the network edge; only the unwanted activity is blocked. It creates an additional layer in the security system and complements existing traditional firewalls.
Since traditional firewalls are already part of modern enterprise networks, adding IPS functionality to the firewall is financially and organizationally easier than buying and installing additional separate devices. Another option is a next-generation firewall, which already includes IDS / IPS protection.
There are still scenarios in which deploying a separate IPS device makes sense. A standalone IPS is the best fit for a particular part of the network where local traffic would have to pass through the firewall to be inspected, so a separate IPS device is needed there. Likewise, if the firewalls and the IPS are operated by different network security departments, a separate IPS device makes sense for practical reasons.
It offers a choice of several detection methods:
- stateful signature
- protocol anomaly
- traffic anomaly
- IP spoofing
- L2 detection
- denial of service detection
- network honeypot
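The first three methods in the list are the ones most easily shown in code. The following added example (written for this page, not the vendor's code) models a toy in-line IPS that applies a stateful signature check and a traffic-anomaly check to a stream of constructed packets. The point of "stateful" is that a signature is matched against the reassembled flow, so a pattern split across two TCP segments is still caught, which a per-packet (stateless) check would miss. The packets, the two signature strings, the connection-rate threshold and the class and function names are all assumptions made for the illustration.

```python
"""Added example: a toy in-line IPS showing stateful signature detection
(pattern matched on the reassembled per-flow payload) and traffic-anomaly
detection (too many new connections from one source inside a time window).
Packets, signatures and thresholds below are constructed for illustration."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float        # arrival time in seconds (constructed)
    src: str
    dst: str
    dport: int
    syn: bool        # True for a new-connection (SYN) packet
    payload: bytes   # TCP segment payload, may be empty


# Illustrative signatures only; real IPS signature sets are far larger.
SIGNATURES = {
    "http-path-traversal": b"../../",
    "smtp-verb-abuse": b"VRFY root",
}


class StatefulSignatureEngine:
    """Reassembles each flow's payload so a signature that straddles a
    segment boundary is still matched. Only the last `max_buffer` bytes
    of a flow are kept, bounding memory per flow."""

    def __init__(self, signatures, max_buffer=4096):
        self.signatures = signatures
        self.max_buffer = max_buffer
        self.streams = defaultdict(bytes)

    def inspect(self, pkt):
        key = (pkt.src, pkt.dst, pkt.dport)
        buf = (self.streams[key] + pkt.payload)[-self.max_buffer:]
        self.streams[key] = buf
        for name, pattern in self.signatures.items():
            if pattern in buf:
                self.streams.pop(key, None)  # flow is dropped, free its buffer
                return name
        return None


class ConnectionRateMonitor:
    """Traffic-anomaly check: counts SYNs per source in a sliding window."""

    def __init__(self, max_new_conns, window_seconds):
        self.max_new_conns = max_new_conns
        self.window = window_seconds
        self.syns = defaultdict(deque)

    def inspect(self, pkt):
        if not pkt.syn:
            return None
        q = self.syns[pkt.src]
        q.append(pkt.ts)
        while q and pkt.ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_new_conns:
            return "traffic-anomaly:connection-rate"
        return None


class InlineIPS:
    """Active device: every packet is either forwarded or dropped, and a
    detected flow or source stays blocked for the rest of the run."""

    def __init__(self):
        self.sig = StatefulSignatureEngine(SIGNATURES)
        self.rate = ConnectionRateMonitor(max_new_conns=5, window_seconds=1.0)
        self.blocked_flows = set()
        self.blocked_sources = set()
        self.log = []  # (timestamp, source, reason) for the SOC

    def process(self, pkt):
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.src in self.blocked_sources or key in self.blocked_flows:
            return "drop"
        reason = self.rate.inspect(pkt)
        if reason:
            self.blocked_sources.add(pkt.src)
            self.log.append((pkt.ts, pkt.src, reason))
            return "drop"
        reason = self.sig.inspect(pkt)
        if reason:
            self.blocked_flows.add(key)
            self.log.append((pkt.ts, pkt.src, reason))
            return "drop"
        return "forward"


def stateless_matches(packets):
    """For contrast: signatures found when each packet is checked alone."""
    return {name for p in packets for name, pat in SIGNATURES.items()
            if pat in p.payload}


def build_sample_traffic():
    # Constructed traffic: a benign request, a traversal pattern split across
    # two segments, then a burst of new connections from one source.
    packets = [
        Packet(0.0, "10.0.0.5", "10.0.1.10", 80, True, b""),
        Packet(0.1, "10.0.0.5", "10.0.1.10", 80, False, b"GET /index.html HTTP/1.1\r\n"),
        Packet(1.0, "10.0.0.7", "10.0.1.10", 80, True, b""),
        Packet(1.1, "10.0.0.7", "10.0.1.10", 80, False, b"GET /cgi/../"),
        Packet(1.2, "10.0.0.7", "10.0.1.10", 80, False, b"../etc/passwd HTTP/1.1\r\n"),
        Packet(1.3, "10.0.0.7", "10.0.1.10", 80, False, b"Host: x\r\n"),
    ]
    packets += [Packet(2.0 + i * 0.05, "10.0.0.9", "10.0.1.10", 22, True, b"")
                for i in range(8)]
    return packets


def run_demo():
    ips = InlineIPS()
    packets = build_sample_traffic()
    verdicts = [ips.process(p) for p in packets]
    return verdicts, ips.log


if __name__ == "__main__":
    verdicts, log = run_demo()
    print(verdicts)
    print(log)
    print("stateless per-packet matching found:", stateless_matches(build_sample_traffic()))
```

In the run, the split traversal pattern is only caught on the second segment, after which the rest of that flow is dropped, and the sixth SYN within one second from the bursting source trips the rate check so its later connections are dropped too; checking each packet alone finds no signature at all, which is why the signature method on the list is qualified as stateful.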