Fundamentals of Network Security Devices

Watch this video series at: Networking Security Devices

1. IDS and IPS

Intrusion Detection Devices and Intrusion Prevention Devices

An intranet is a private network that is heavily protected by many different networking devices, such as routers, firewalls, proxy servers, honeynets, a DMZ, IPS and IDS.

This diagram is an over-simplified version of reality. I have arranged these devices in a reasonable order, only for teaching and learning purposes.

Today my topic is IDS and IPS.

IDS stands for Intrusion Detection System. The system is often deployed on the network, close to the perimeter. It is very much like a CCTV camera above a business entrance or the sensors on its doors. An IDS is a passive system that scans incoming traffic. Once the IDS identifies dangerous or suspicious traffic, it can send alerts, but it leaves the action to the IPS.

IPS stands for Intrusion Prevention System. Unlike IDS, IPS is able to actively block or prevent intrusions. It means IPS takes action:

1) Inspection and investigation: Inspection can be signature-based (matching traffic against known attack patterns) or statistical anomaly-based (flagging traffic that deviates from a learned baseline). Investigation includes analyzing suspicious packets and activities.

2) Action: once unwelcome packets are identified, the IPS either puts them in quarantine or simply drops them.

3) Logs and reports: like many security devices, an IPS can log attacks and send reports.
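The three steps above (inspection, action, logging) and the IDS/IPS distinction can be made concrete with a small simulation. The following Python block is an added teaching example, not code from the original notes or from any real IDS/IPS product. The signature rules, the port-scan threshold, the IP addresses and the packets are all constructed sample data; a `Sensor` in `ids` mode only raises alerts and forwards everything, while the same sensor in `ips` mode quarantines or drops what it detects.

```python
"""Minimal IDS/IPS simulation (constructed teaching example).

Models the three IPS steps from the notes: inspection (signature-based and
statistical anomaly-based), action (alert only for an IDS; quarantine or drop
for an IPS), and logging. All packets, signatures and thresholds are made up.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signature rules: (name, byte pattern, severity).
# Hypothetical patterns for the demo, not rules from any real product.
SIGNATURES = [
    ("shell-string-in-payload", b"/bin/sh", "high"),
    ("path-traversal", b"../../", "medium"),
]


@dataclass
class Sensor:
    mode: str                 # "ids" = alert only, "ips" = alert and act
    scan_threshold: int = 5   # distinct ports from one source before it counts as a scan
    alerts: list = field(default_factory=list)
    log: list = field(default_factory=list)
    quarantine: list = field(default_factory=list)
    ports_seen: dict = field(default_factory=dict)

    def inspect(self, pkt):
        """Step 1: return (verdict, reason); verdict is allow / drop / quarantine."""
        # Signature-based inspection: look for known byte patterns in the payload.
        for name, pattern, severity in SIGNATURES:
            if pattern in pkt.payload:
                verdict = "drop" if severity == "high" else "quarantine"
                return verdict, f"signature:{name}"
        # Statistical anomaly-based inspection: one source touching many distinct ports.
        seen = self.ports_seen.setdefault(pkt.src, set())
        seen.add(pkt.dport)
        if len(seen) >= self.scan_threshold:
            return "quarantine", f"anomaly:port-scan({len(seen)} ports)"
        return "allow", ""

    def process(self, pkt):
        """Steps 2 and 3: act on the verdict and log it. Returns the outcome."""
        verdict, reason = self.inspect(pkt)
        if verdict == "allow":
            return "forwarded"
        self.alerts.append((pkt.src, reason))
        self.log.append(f"{self.mode.upper()} {pkt.src}->{pkt.dst}:{pkt.dport} "
                        f"{reason} verdict={verdict}")
        if self.mode == "ids":
            return "forwarded"        # passive: alert, but leave the action to the IPS
        if verdict == "quarantine":
            self.quarantine.append(pkt)
            return "quarantined"
        return "dropped"


def build_sample_traffic():
    """Constructed packets for the demo (not real captures)."""
    pkts = [
        Packet("10.0.0.5", "192.168.1.10", 80, b"GET /index.html HTTP/1.1"),
        Packet("10.0.0.7", "192.168.1.10", 80, b"GET /../../private HTTP/1.1"),
        Packet("10.0.0.9", "192.168.1.20", 22, b"login\n/bin/sh\n"),
    ]
    # One source probing six ports: the anomaly check fires from the fifth port on.
    pkts += [Packet("10.0.0.8", "192.168.1.30", p, b"") for p in (21, 22, 23, 25, 80, 443)]
    return pkts


def run_demo(mode):
    """Run the sample traffic through a sensor; return (outcome counts, sensor)."""
    sensor = Sensor(mode=mode)
    outcomes = Counter(sensor.process(p) for p in build_sample_traffic())
    outcomes["alerts"] = len(sensor.alerts)
    return dict(outcomes), sensor


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        summary, sensor = run_demo(mode)
        print(mode.upper(), summary)
        for line in sensor.log:
            print("  ", line)
```

Running the block prints the same four alerts in both modes; the difference is that the IDS forwards all nine packets, while the IPS drops the high-severity signature hit and quarantines the traversal packet plus the two scan packets that crossed the threshold. In a real deployment the threshold, the baseline behind it and the signature set are what separate a noisy sensor from a useful one.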

Keep in mind, IDS and IPS are not necessarily two separate physical devices. They can be combined into one device.

They can also be combined with other devices, such as a firewall, router, or proxy, into a single device. Unified Threat Management (UTM) appliances and next-generation firewalls are two examples.