Saturday, September 25, 2010

IPS detection and prevention simultaneously




As vulnerabilities continue to be discovered, the security threats facing enterprise networks grow more and more complicated. Although these attacks can bypass a traditional firewall, an intrusion prevention system (IPS) deployed at the network perimeter or inside the internal network can still stop them, effectively protecting servers that are unpatched or improperly configured.

An intrusion detection system (IDS) can monitor network traffic and raise alerts, but it does not block attacks. An IPS inspects every packet carefully and decides immediately whether to permit or deny it. The IPS has a set of filters that prevent attacks on various types of system vulnerability. When a new vulnerability is discovered, the IPS creates a new filter and brings it under its control, so any malicious attempt to probe for that vulnerability is blocked immediately.

If an attacker exploits weaknesses anywhere from Layer 2 (media access control) to Layer 7 (application), the IPS can detect the attack in the data stream and stop it. Traditional firewalls can inspect only Layer 3 or Layer 4 and cannot examine application-layer content.



The IPS packet-processing engine is a purpose-built custom integrated circuit that can inspect every byte of each packet. In contrast, a firewall's packet filtering does not check every byte and therefore cannot find attacks. An IPS device applies filters to the data stream to inspect its entire contents. All packets are classified, and each filter is responsible for analyzing the packets of its class. Only packets that pass inspection can continue onward. Classification is based on packet header information, such as source and destination IP addresses, port numbers and application fields.

Each filter contains a set of rules, and only packets that satisfy these rules are recognized as free of malicious content. To ensure accuracy, these rules are defined very broadly. When classifying transmitted content, the engine must also refer to the packet's information parameters and parse them into meaningful fields for contextual analysis. For example, when dealing with a buffer overflow attack, the engine takes a buffer parameter from the application layer and then evaluates its characteristics to detect whether an attack is present. To keep the attack from reaching its target, once a data stream is identified as malicious, all packets belonging to that stream are discarded.

To detect attacks that exploit different system weaknesses, an IPS needs different filters. Some attacks can be detected by filters that match known signatures or patterns. Other attacks, such as buffer overflows, need more complex filters, which can use protocol and application-level decoders to set their rules. For multi-stream attacks such as "network sweeps" and "packet floods", the IPS needs filters that collect statistical information to detect anomalies.
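The header-based classification, the two filter styles (pattern match and decoder-based parameter check) and the discard of every later packet in a flagged stream, as an added Python sketch that is not part of the original post or of any IPS product. The `Packet` model, `MAX_URI` limit, filter names, marker string and sample traffic are all constructed assumptions.

```python
from collections import namedtuple

# Constructed packet model: header fields used for classification, plus payload.
Packet = namedtuple("Packet", "src dst sport dport proto payload")

MAX_URI = 64  # assumed limit for the illustrative buffer-parameter rule

def http_uri_length_filter(pkt):
    """Decoder-based rule: parse the request line and evaluate the URI
    parameter's length instead of matching raw bytes."""
    line = pkt.payload.split(b"\r\n", 1)[0].split(b" ")
    return len(line) >= 2 and len(line[1]) > MAX_URI   # True = malicious

def marker_filter(pkt):
    """Pattern-match rule on a constructed, harmless marker string."""
    return b"TEST-BAD-MARKER" in pkt.payload

# Classification table: header fields -> filters responsible for that class.
FILTERS = {("tcp", 80): [http_uri_length_filter, marker_filter]}

class InlineFilterEngine:
    def __init__(self):
        self.blocked_flows = set()

    def process(self, pkt):
        """Return 'forward' or 'drop' for one packet."""
        flow = (pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto)
        if flow in self.blocked_flows:
            return "drop"                      # rest of a flagged stream
        for flt in FILTERS.get((pkt.proto, pkt.dport), []):
            if flt(pkt):
                self.blocked_flows.add(flow)   # remember the malicious stream
                return "drop"
        return "forward"

def run(packets):
    engine = InlineFilterEngine()
    return [engine.process(p) for p in packets]

SAMPLE = [  # constructed traffic
    Packet("10.0.0.5", "10.0.0.9", 40000, 80, "tcp", b"GET /index.html HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.7", "10.0.0.9", 40001, 80, "tcp", b"GET /" + b"A" * 200 + b" HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.7", "10.0.0.9", 40001, 80, "tcp", b"GET /ok HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.5", "10.0.0.9", 40000, 80, "tcp", b"GET /about HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    print(run(SAMPLE))
```

The third sample packet is harmless on its own but is dropped because its stream was already flagged, while the unrelated stream from 10.0.0.5 keeps flowing.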

The filter engine combines pipelining with massively parallel processing hardware and can perform thousands of packet filter checks at the same time. Parallel processing ensures that packets pass through the system continuously and quickly, with no impact on speed. This hardware acceleration is important for an IPS, because a traditional software solution must check filters one by one, which greatly reduces system performance.

As a transparent device, the intrusion prevention system is part of the network connection. To keep the IPS from becoming the weak link in network performance, it needs excellent redundancy and failover mechanisms, so that the network can still run normally when a failure occurs. Besides being a front line of defense, the IPS is also a network cleaning tool that can eliminate malformed packets and non-mission-critical applications, so that network bandwidth is protected. For example, an IPS can prevent applications such as file sharing from illegally transferring copyrighted files.






