- Market surges, Gates predicts 9% unemployment
- Obama the first presidential hopeful to advertise in games
- Microsoft reveals critical holes in Active Directory
- BlackBerry Storm vs. the iPhone
- How will economy affect network equipment vendors?
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
During Network World's recent Security Technology Tour, we received a lot of questions about intrusion-prevention systems. The problem is that there is little agreement on what an IPS really is.
The security experts on the tour agreed on one thing: An IPS must be inline. That is, packets have to move through the IPS to prevent intrusions. While the idea of resetting connections and changing firewalls is a good interim step, enterprise-class intrusion prevention will require that the IPS handle packets, dropping them when something is wrong.
A second assumption about IPS is that it is a "permissive" technology. In other words, an IPS will drop a packet if it has a reason to, but the default behavior is to pass traffic along. In contrast, a firewall is a "prohibitive" technology: It lets a packet through only if it has a reason to.
Obviously, firewalls are also intrusion-prevention devices. Some experts say that all IPS vendors are talking about is what firewalls should be doing. But the difference in the orientation of these technologies suggests that they are not the same.
More importantly, because they are different, you can use a firewall or an IPS or both at any point in your network. At the perimeter, it's reasonable to expect that a firewall also will have an IPS built in. But at the core of the network, inline IPS might be built into switches and routers.
How do you convince purse holders to buy into IPS? There's no easy answer to that. The "fear factor" approach can be useful. Make the decision-makers afraid. Point out the new legislation regarding liability. And perhaps you'll see the money start to flow. But that's not a long-term solution.
For some, an IPS can be justified on the "nuisance factor" instead. By blocking the thousands of Code Red and MS-SQL Slammer attacks coming into the network every hour, the load on the firewall is lightened, the Internet connection is faster and the Web server logs are easier to analyze.
For others, IPS justification will have to be part of a larger program of security, justified on the basis of traditional ROI analysis.
What's clear from tour attendees is that wrapping a firewall around the perimeter is no longer sufficient to meet the needs of modern networks. Technologies such as IPS need to be pushed into the network, not just at the edge, but throughout the entire infrastructure.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment