Professor Jonathan S. Weissman RIT CSEC 744 Snort Lab

Because an IDS does not inspect the original traffic, a failed IDS device does not affect network flow. An IPS works inline and uses the original packets for detection, so if the IPS device fails, network flow stops completely.

Malicious traffic prevention
An IDS does not prevent malicious traffic, as it works in promiscuous mode. An IPS, on the other hand, can drop or modify traffic by itself, and it can also request another device to block the malicious activity.

IDPS
An IDPS combines the functionality of an IPS and an IDS; kept inline, it achieves the best results in preventing intrusions. The IDPS keeps track of the threats it detects.

Types of IDPS:

Host based IDPS
A host-based IDPS is installed on a specific host, where it detects and prevents attacks and threats against that host. It monitors the host continuously and prevents suspicious or unusual activities. A HIDPS can access the host's system files, so it can detect files on that system that an attacker has modified. Because it concentrates on a single host, it is more secure and reliable. A HIDPS can decrypt the host's encrypted network flow and scan the decrypted data. It also tracks changes in the audit logs, which record application behavior, helping to detect attacks carried out by Trojan horse programs. Yet a HIDPS is a bit difficult to manage.

Network Based IDPS
A network-based IDPS is placed with network appliances such as the core switch to analyze network traffic. It can monitor the traffic of an entire segment, and it can adapt to the existing network. Yet a network-based IDPS finds it difficult to decrypt fast-moving encrypted packets. There are two types of Network Based IDPS: Wireless IDPS and Network Behavior IDPS.

Wireless IDPS
Wireless IDPSs are introduced to analyze wireless traffic. A wireless IDPS helps to detect rogue access points, unauthorized wireless LANs, DDoS attacks, and man-in-the-middle attacks. The disadvantages of a wireless IDPS are the lack of physical security of the devices, the inability to detect passive attacks, and the distributed access point locations.

Network Behavior Analysis IDPS
An NBA IDPS monitors the network traffic flow and analyzes unusual flows, which include denial of service attacks, malicious code such as worms or malware, and policy violations.

Advantages of the IDPS
An IDPS can monitor and analyze real-time network traffic and raises alerts when an attack is encountered.

Disadvantages
It copes poorly with switched networks and encrypted data packets, which may result in newly invented attacks going undetected.

IDPS detection mechanisms
A. Signature based IDPS
B. Statistical Anomaly based IDPS
C. Stateful protocol IDPS

A. Signature based IDPS
It uses signature patterns to detect attacks, as many attacks have distinct signatures. Signatures can be exploit-based or vulnerability-based, where exploit-based signatures.
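The following toy engine, added here as an example and not taken from the lab report or from Snort, models the two points made above: a signature match (a byte pattern in the payload of traffic to a given port) produces an alert in IDS mode but can only drop the packet in inline IPS mode, and a failed IDS leaves the flow untouched while a failed inline IPS stops it. The signature, the `Packet`/`Engine` classes and the traffic sample are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Signature:
    sid: int          # rule id, in the spirit of Snort's sid option
    msg: str          # alert text
    dst_port: int     # only traffic to this port is checked
    content: bytes    # byte pattern that must appear in the payload

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes

@dataclass
class Engine:
    mode: str                      # "ids" (works on a copy) or "ips" (inline)
    signatures: list
    failed: bool = False           # simulate the sensor going down
    alerts: list = field(default_factory=list)

    def inspect(self, pkt):
        """Return 'forward' or 'drop' for one packet, recording any alert."""
        if self.failed:
            # An IDS inspects a copy, so its failure leaves the flow untouched;
            # an inline IPS sits in the path, so its failure stops the flow.
            return "forward" if self.mode == "ids" else "drop"
        for sig in self.signatures:
            if pkt.dst_port == sig.dst_port and sig.content in pkt.payload:
                self.alerts.append((sig.sid, sig.msg, pkt.src))
                # Only the inline IPS holds the original packet and can drop it;
                # the IDS only alerts and the packet continues on its way.
                if self.mode == "ips":
                    return "drop"
        return "forward"

# Constructed signature and traffic sample (not real captures).
SIGS = [Signature(1000001, "HTTP directory traversal attempt", 80, b"../../")]
TRAFFIC = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.9", 80, b"GET /../../private HTTP/1.1\r\n"),
    Packet("10.0.0.9", 22, b"SSH-2.0-OpenSSH\r\n"),
]

def run(mode, failed=False):
    """Run the sample traffic through one sensor; return verdicts and alert sids."""
    eng = Engine(mode, SIGS, failed)
    verdicts = [eng.inspect(p) for p in TRAFFIC]
    return verdicts, [a[0] for a in eng.alerts]
```

Calling `run("ids")` and `run("ips")` shows the same alert raised in both modes with only the IPS dropping the matching packet; passing `failed=True` shows the fail-open versus fail-closed behaviour.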