Introduction
Various options are available:
- IDPS: based on the behavior of the network and the contents of each and every packet.
- Firewall: based on an Access Control List.
- VPN: a communication network tunneled through a public network.
Why IDPS?
A firewall is based on the policy defined in an Access Control List:
- Policy-based filtering is applied when a session is established.
- It is not able to check each packet in the network.
- It tends to stop searching once it finds any match.
- It is able to shut down the connection but not able to throttle the traffic.
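The contrast above, as an added example that is not part of the original slides: a first-match ACL decides once at session setup, while per-packet content inspection still flags a packet inside the permitted session. The rule set, the signature, the packets and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed ACL: (action, source network, destination port or None for any)
ACL = [
    ("permit", "10.0.0.0/8", 80),
    ("deny",   "10.0.0.0/8", None),
    ("deny",   "0.0.0.0/0",  None),
]

# Constructed content signature of the kind an IDPS matches inside payloads
SIGNATURES = {b"../../": "path traversal sequence in request"}

def acl_decision(pkt):
    """First-match evaluation: return (action, rule index); later rules are never read."""
    src = ipaddress.ip_address(pkt.src)
    for i, (action, net, port) in enumerate(ACL):
        if src in ipaddress.ip_network(net) and port in (None, pkt.dst_port):
            return action, i
    return "deny", None  # implicit deny when nothing matches

def firewall(session):
    """Policy is applied once, to the packet that establishes the session."""
    action, _ = acl_decision(session[0])
    return [action] * len(session)  # every later packet inherits that verdict

def idps(session):
    """Inspect the contents of every packet, even in an already-permitted session."""
    alerts = []
    for n, pkt in enumerate(session):
        for sig, name in SIGNATURES.items():
            if sig in pkt.payload:
                alerts.append((n, name))
    return alerts

# Constructed session: opening packet, a normal request, then a suspicious one
SESSION = [
    Packet("10.1.2.3", 80, b""),
    Packet("10.1.2.3", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.1.2.3", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
]
```

Calling firewall(SESSION) permits all three packets because rule 0 matched at setup; idps(SESSION) raises an alert on the third packet only.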
IDPS Detection Methods
- Specification detection: based on application recognition rules for detecting applications and attacks.
- Anomaly detection: based on the behavior of the patterns available in the IDPS.
- Integrity check: detection based on hash values and signatures to verify the integrity of data.
Future Enhancement
Can be more sophisticated application Session Monitoring Learning UTM
IDPS Example
- Cisco 6000 Family IDS
- SnapGear by Secure Computing
- Linux iptables (open source)
- Snort
- IntruPro
- SonicWALL Gateway