Much like Reese's peanut butter cups, an IPS provides smooth integration between two distinct security technologies. Deeply inspecting TCP/IP packets and then blocking unwanted traffic, the IPS is a must for any network that wants to be secure. One can implement the IPS in many different ways. One of my favorite ways of implementing an IPS is in invisible mode. Basically, the appliance is connected as if it were a wire all by itself: the wire goes in one port and out another. The appliance doesn't even have an IP address, so it is completely invisible. The IPS then listens to and checks the packets running on the wire. Much like a network sniffer, the IPS reads into the packets and then compares them to a database of signatures, very much like an anti-virus system.
Of course, there are other modes for the IPS to work in. Learning mode, for example, is where you let the IPS read the network traffic for a designated time frame. During this stage the IPS builds itself a pattern which it assumes is permitted traffic. Afterwards, once the IPS is switched to an active stage, any anomalies not recognized during the learning stage are identified and blocked. Depending on the brand and model of the IPS, there are pluses and minuses to both sides.
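The learning stage followed by the active stage, sketched as an added example that is not from the original article or from any vendor's product. The flow records, the 120-second learning window and the choice to generalize clients to a /24 subnet are all assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed flow records (not from the original article): time in seconds,
# source IP, destination IP, protocol, destination port.
Flow = namedtuple("Flow", "ts src dst proto dport")

SAMPLE_FLOWS = [
    Flow(10,  "10.0.1.15", "10.0.9.20", "tcp", 443),
    Flow(42,  "10.0.1.77", "10.0.9.20", "tcp", 443),
    Flow(90,  "10.0.2.8",  "10.0.9.53", "udp", 53),
    Flow(300, "10.0.1.40", "10.0.9.20", "tcp", 443),   # known pattern, new host
    Flow(310, "10.0.2.8",  "10.0.9.20", "tcp", 3389),  # never seen while learning
    Flow(320, "10.0.3.5",  "10.0.9.53", "udp", 53),    # new source subnet
]

LEARNING_WINDOW = 120  # assumption: the learning stage covers ts < 120


def flow_key(flow, prefix=24):
    """Generalize a flow to (source subnet, dst, proto, port) so the baseline
    describes a traffic pattern rather than one individual client."""
    net = ipaddress.ip_network(f"{flow.src}/{prefix}", strict=False)
    return (str(net), flow.dst, flow.proto, flow.dport)


class LearningIPS:
    def __init__(self, learning_window):
        self.learning_window = learning_window
        self.baseline = set()

    def process(self, flow):
        """Return 'learn' during the learning stage, then 'permit' or 'block'."""
        key = flow_key(flow)
        if flow.ts < self.learning_window:
            # Everything seen now is assumed to be permitted traffic, so
            # unwanted traffic present on the wire here ends up in the baseline.
            self.baseline.add(key)
            return "learn"
        return "permit" if key in self.baseline else "block"


def run(flows, learning_window=LEARNING_WINDOW):
    ips = LearningIPS(learning_window)
    return [(f.ts, ips.process(f)) for f in flows]


if __name__ == "__main__":
    for ts, verdict in run(SAMPLE_FLOWS):
        print(ts, verdict)
```

A wider subnet prefix makes the baseline more tolerant of new clients and a narrower one makes it stricter, which is one of the trade-offs of this mode.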