Adoption of IPS increasing, cautiously

By Ellen Messmer , Network World , 11/17/2003

Blocking attacks with intrusion-prevention systems rather than simply monitoring for them with intrusion-detection systems is slowly gaining ground inside corporations and government agencies, despite worries about disrupting legitimate traffic.

But many organizations don't use the full blocking capability of these products, whether they install them in a firewall-based Internet zone or deep inside a corporate LAN. To gain confidence that blocking won't backfire on them with false positives, organizations run the IPS in what's called mixed or bridge mode. This lets them stop a defined portion of attack traffic, such as computer worms, while the IPS otherwise behaves like an in-line IDS, alerting on everything else it matches but forwarding it.

"Don't switch to the blocking in the IPS until you really need it, say, to block worms like SQL Slammer," advises Lloyd Hession, chief security officer for Radianz, whose global network connects about 5,000 financial firms around the world. "These devices become a lightning rod inside an organization, and it's typical to blame the IPS for any problem."

Radianz has used an IPS inside its network for more than three years, in this case a software-based product called Guard made by Internet Security Systems (ISS). Hession says he's migrating from the Guard equipment to the ISS Proventia G200 appliance, scheduled to ship next week. Unlike Guard, the 200M bit/sec Proventia G200 can work in mixed mode, simultaneously blocking and monitoring. It also can be set up as a passive IDS.

Tips for using IPS products

  • Initially use an IPS in mixed mode — that is, with both active blocking and passive intrusion detection — to gain confidence that it won’t block legitimate traffic.
  • Make sure the IPS is flexible enough for custom-designed attack prevention.
  • Do both lab and production tests before full deployment.
  • If the selected network IPS works out, experiment using it without a firewall or IDS.
  • Prepare to face situations where, because of its novelty, the IPS will be the scapegoat for any number of network and application problems.

Out of the box, the $12,000 Proventia G200 is set to ban 100 threats, such as worms, peer-to-peer traffic, Trojans and instant messaging. But it also can be set up for in-line simulation, reporting on what it would have blocked if it had been allowed.
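The three operating modes the article describes, passive IDS, mixed mode, and in-line simulation, differ only in what the sensor does after a signature matches. The following is an added illustration written for this page, not code from Network World, ISS or any Proventia product: a toy in-line filter runs one constructed rule set over constructed sample traffic in each mode, so the difference between "dropped", "alerted" and "would have blocked" is visible. The rule names, packet labels and the worm signature (a large UDP datagram to port 1434, a rough stand-in for Slammer's single packet) are all assumptions made for the example.

```python
"""Toy in-line IPS model: one rule set run in monitor, mixed and simulation
modes. Traffic and signatures are constructed for this example; a real sensor
decodes packets and matches vendor signatures, which dicts stand in for here.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Packet:
    label: str            # constructed identifier, used only for reporting
    proto: str
    dst_port: int
    payload: bytes = b""


@dataclass
class Rule:
    name: str
    match: Callable[[Packet], bool]
    block: bool           # operator has switched this signature to blocking


@dataclass
class Verdict:
    forwarded: bool = True
    alerts: List[str] = field(default_factory=list)
    would_block: List[str] = field(default_factory=list)


MODES = ("monitor", "mixed", "simulate")


def inspect(pkt: Packet, rules: List[Rule], mode: str) -> Verdict:
    """Apply every rule to one packet and decide its fate for the given mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    v = Verdict()
    for rule in rules:
        if not rule.match(pkt):
            continue
        v.alerts.append(rule.name)           # every mode logs the hit, as an IDS would
        if not rule.block:
            continue                         # alert-only signature in every mode
        if mode == "mixed":
            v.forwarded = False              # the only mode that actually drops
        elif mode == "simulate":
            v.would_block.append(rule.name)  # report the drop but let it through
    return v


# Constructed signatures. The worm rule approximates a Slammer-style oversized
# UDP datagram to the SQL resolution service port; it is not a vendor signature.
# The IM rule is deliberately alert-only, per the advice to hold off on blocking.
RULES = [
    Rule("worm-udp-1434",
         lambda p: p.proto == "udp" and p.dst_port == 1434 and len(p.payload) > 300,
         block=True),
    Rule("im-port-5190",
         lambda p: p.proto == "tcp" and p.dst_port == 5190,
         block=False),
]

# Constructed sample traffic: one benign web request, one worm-shaped datagram,
# one IM login and one DNS query.
TRAFFIC = [
    Packet("web", "tcp", 80, b"GET / HTTP/1.1\r\n"),
    Packet("worm", "udp", 1434, b"\x04" + b"\x01" * 375),
    Packet("im", "tcp", 5190, b"hello"),
    Packet("dns", "udp", 53, b"\x00" * 32),
]


def run(mode: str, traffic=TRAFFIC, rules=RULES) -> Dict[str, object]:
    """Run the sensor over the sample traffic and summarise what each mode did."""
    dropped, alerts, would_block = [], [], []
    for pkt in traffic:
        v = inspect(pkt, rules, mode)
        if not v.forwarded:
            dropped.append(pkt.label)
        alerts.extend(f"{pkt.label}:{name}" for name in v.alerts)
        would_block.extend(f"{pkt.label}:{name}" for name in v.would_block)
    return {"mode": mode, "dropped": dropped, "alerts": alerts, "would_block": would_block}


if __name__ == "__main__":
    for m in MODES:
        print(run(m))
```

Running all three modes on the same traffic shows the trade-off the article's sources describe: monitor mode forwards everything and only alerts, mixed mode drops just the packets matching signatures the operator has enabled for blocking, and simulation forwards everything while recording what mixed mode would have dropped, which is the evidence an operator wants before turning blocking on.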
