Three basic IP VPN technologies are used today to create network architectures: Multiprotocol Label Switching (MPLS), IP Security (IPsec), and Secure Sockets Layer (SSL).
Many companies are using combinations of these technologies to develop unique solutions for specific business needs. Understanding the options can help network managers make good choices, and design an optimized infrastructure that effectively uses the available technologies.
Businesses that want to protect their networks from external attacks have a number of powerful tools at their disposal. Firewalls, for example, do a very good job of filtering and, in many cases, analyzing data packets to ensure that potentially destructive data is caught before it can do any harm.
But most companies that are really serious about keeping troublemakers off of their networks also employ a technology that is specifically designed to target the presence of potential attackers: IDPS (Intrusion Detection and Prevention Systems). IDPS technology, which is designed to work in conjunction with a firewall — a network's first line of defense — comes in two basic forms:
IDS (Intrusion Detection System): An IDS analyzes incoming data traffic for suspicious types of activity. If it detects something peculiar, the IDS alerts the network administrator, who can then move to halt whatever event is taking place. In some cases an IDS can also trigger automatic responses in other systems on the network to protect it.
IPS (Intrusion Prevention System): An IPS is similar to an IDS, except that the product is designed to take immediate action — such as blocking a specific IP address or user — rather than simply issuing an alert. Some IPS products also use behavioral analysis to spot and stop potentially dangerous data. An IPS is often described as a "reactive" system, as opposed to an IDS, which is typically considered to be "passive."
Both IDS and IPS products come in various configurations, each designed to address a particular intrusion-protection need. Here are some of the leading types of products currently available:
Network Intrusion Detection and Prevention: This is the most common use of IDPS technology, designed to provide network-wide protection. While it would be ideal on a very large network to insert a single IDS or IPS at the gateway in order to scan all traffic, such a design approach raises the possibility of creating a bottleneck that would degrade overall network performance. Therefore, in order to efficiently monitor traffic to and from all network devices, it's not uncommon to place IDPS systems at various strategic points within the network.
Host Intrusion Detection and Prevention: Businesses add these systems to individual critical hosts or devices residing on the network. This type of IDPS monitors both inbound and outbound packets — but only through the device with which it is associated.
Signature-Based Intrusion Detection and Prevention: This type of IDPS is useful for detecting viruses and other types of malware. The product compares all of the packets that flow through it with a database of known threats. Like anti-malware offerings, a signature-based IDPS is only as good as the information it uses, meaning that the technology is vulnerable to "zero day" security events. On the other hand, a signature-based IDPS is a very reliable way of defending a network against known threats, which constitute the majority of network perils.
Anomaly-Based Intrusion Detection and Prevention: One could describe this kind of IDPS as being naturally suspicious. That's because an anomaly-based IDPS is always looking for something out of the ordinary. The system continuously scrutinizes network traffic and compares it against an established baseline. Any detected deviations from "normal" behavior in terms of bandwidth use, ports accessed or devices connected will cause the IDPS to issue an alert and take proactive steps to ensure the network's health. This type of IDPS can be particularly effective in helping businesses cope with DDoS (distributed denial of service) attacks, in which large numbers of computers are recruited to join together and bring down a Web site.
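The distinctions described above (IDS alerts versus IPS blocking, and signature-based versus anomaly-based detection) are easier to see in working code. The following is an added illustration, not code from the original post or from any of the vendors it names: a toy IDPS engine that learns a per-host baseline of "normal" ports and byte counts from a training set, then inspects a stream of constructed flow records with both a signature database and a baseline comparison. The flow records, the signature patterns, and the 10x bandwidth threshold are all constructed sample values chosen for the demonstration.

```python
"""Toy IDS/IPS combining signature-based and anomaly-based detection.

Added example only; the signatures and flows below are constructed
sample data, not real threat intelligence or captured traffic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    """One simplified network flow record (constructed for this example)."""
    src: str
    dst: str
    dport: int
    nbytes: int
    payload: bytes = b""


# Signature database: name -> byte pattern (constructed sample patterns).
SIGNATURES = {
    "SIG-001 shell interpreter path in payload": b"/bin/sh",
    "SIG-002 SQL tautology in payload": b"' OR 1=1",
}


def signature_matches(flow):
    """Signature-based detection: return the names of every known pattern in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in flow.payload]


class Baseline:
    """Anomaly-based detection: per-source set of normal ports and mean bytes per flow."""

    def __init__(self, training_flows):
        self.ports = defaultdict(set)
        totals = defaultdict(list)
        for f in training_flows:
            self.ports[f.src].add(f.dport)
            totals[f.src].append(f.nbytes)
        self.mean_bytes = {src: sum(v) / len(v) for src, v in totals.items()}

    def anomalies(self, flow, byte_factor=10.0):
        """Return a list of deviations from the learned baseline (empty if normal)."""
        findings = []
        if flow.src not in self.ports:
            return ["unknown source host"]           # device never seen during training
        if flow.dport not in self.ports[flow.src]:
            findings.append(f"new destination port {flow.dport}")
        if flow.nbytes > byte_factor * self.mean_bytes[flow.src]:
            findings.append(f"{flow.nbytes} bytes exceeds {byte_factor}x baseline")
        return findings


class IDPS:
    """prevent=False behaves as an IDS (alert only); prevent=True as an IPS (block source)."""

    def __init__(self, baseline, prevent=False):
        self.baseline = baseline
        self.prevent = prevent
        self.blocked = set()
        self.alerts = []

    def inspect(self, flow):
        if flow.src in self.blocked:
            return "dropped"                          # IPS already blocked this source
        reasons = signature_matches(flow) + self.baseline.anomalies(flow)
        if not reasons:
            return "allowed"
        self.alerts.append((flow.src, reasons))
        if self.prevent:
            self.blocked.add(flow.src)
            return "blocked"
        return "alerted"


# Constructed training traffic used to build the baseline.
TRAINING = [
    Flow("10.0.0.5", "10.0.0.80", 443, 1200),
    Flow("10.0.0.5", "10.0.0.80", 443, 900),
    Flow("10.0.0.5", "10.0.0.25", 53, 120),
    Flow("10.0.0.7", "10.0.0.80", 80, 1500),
]

# Constructed live traffic: one normal flow, one signature hit, one anomaly, one follow-up.
LIVE = [
    Flow("10.0.0.5", "10.0.0.80", 443, 1000),
    Flow("10.0.0.5", "10.0.0.80", 443, 800, b"' OR 1=1--"),
    Flow("10.0.0.7", "10.0.0.80", 22, 100000),
    Flow("10.0.0.7", "10.0.0.80", 80, 1400),
]


def run(prevent):
    """Run LIVE through the engine in IDS (False) or IPS (True) mode; return verdicts and engine."""
    engine = IDPS(Baseline(TRAINING), prevent=prevent)
    return [engine.inspect(f) for f in LIVE], engine


if __name__ == "__main__":
    for mode in (False, True):
        verdicts, engine = run(mode)
        print("IPS" if mode else "IDS", verdicts)
        for src, reasons in engine.alerts:
            print("   ", src, reasons)
```

In IDS mode the fourth flow is still allowed, because the engine only alerted on the third; in IPS mode the same flow is dropped, because the source was blocked as soon as the anomaly was seen. That difference is exactly the "passive" versus "reactive" distinction, and it also shows the cost of prevention: a false positive in the baseline would cut off a legitimate host.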
IDPS Vendors
Vendors offer IDPS solutions with a variety of different capabilities, allowing businesses to find the product that most closely matches their requirements. Major IDPS vendors include:
· Enterasys Networks Inc.
· Cisco Systems Inc.
· IBM Internet Security Systems
· Juniper Networks Inc.
· Network Chemistry