Features of IPS

Dear ALL,

I need to know what are the full features and benifits of a network IPS device,whend do I need it on my network,what are the best IPS brands,what is the differnce between IPS and IDS and what are the diffrences between software IPS and hardware IPS.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I think the list of features includes mainly the identification, location, isolation, and remediation of security threats. They block attackers, mitigate Denial of Service (DoS) attacks, prevent information theft, and ensure the security of Voice over IP (VoIP) communications.

Some of the vendors are Juniper, Cisco, Enterasys.

The difference between IPS and IDS is the IDS will detect threats while the IPS will take it step further and block the attacks as well.

The hardware versions are specific platforms made for this one function while software versions would be made to run on a generic PC or server platform.
There was a similar question before where I answered the following, it must be help full for you:(In addition, Other parts of your question are explained as well)

Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents But it does not stop any such activity. For blocking such activity you should use Intrusion Detection & Prevention System rather.
Its a proactive approach towards network security but it add up a hop in network traffic route. It ad up to administrative efforts for network admins and cost.
If the signature for attack or malicious code are not uploaded timely, newer attack can intrude the network. IPS/IDS depends upon the vendor R&D. If the principle vendor is not upgrading its attack and defense profile for intrusions and malicious code, the client will suffer.
Seeing the present trend of Internet and web based applications, you need an IPS/IDS solution if:
- traffic is going and coming to and from internet
- Using web based application over internet
- Too many internet users
- hosting website for the comapny
- client/users connecting to company for work through Internet.....and so many more
Software IPS and Hardware IPS:
If the IPS/IDS is an application/service installed on any server it is a Softaware IPS/IDS, if you have a box in which the code is hard-coded into chip and ASIC the its a hardware. Hardware IPS/IDS are comparatively fastr and independent of server operating system and performance.
Tipping Point - HP
Check point
Fortinet.....to many more

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Well there are multiple types of IDS's, but based on your comment, I'm assuming you mean Network-based IDS and IPS.

IDS's and IPS's are nearly identical.  In fact, most IDS's will act as IPS's in a lot of cases (snort can be compiled in inline-mode to accomplish this task when you have a Linux/iptables based firewall).

The main idea is that an IPS is an IDS with a ruleset (and ability) to block what it considers malicious traffic.  So if the IDS segment of the IPS detects an alert, the IPS either drops the connection directly (when the IPS is inline with your network connection to the outside world) or signals your firewall to drop it.

But either way, an IDS is very similar to an anti-virus in how it functions, in that its rule based.  There are basically long, complex regular expressions (or similar) that sniff incoming and outgoing traffic for patterns defined by rule-writers (like anti-virus signatures).

There are also heuristic IDS's as well that work to more or less of a degree.

Personally my favorite IDS/IPS is Snort.  It's open source, very well understood, and (with the VRT certified ruleset) is backed up by the best malware research group in the world (Sourcefire VRT).  You can also buy Sourcefire's 3D sensors which are basically Snort sensors on steroids.

The ActiveScout also makes a good heuristic sensor from what I hear but they're very complicated and expensive too.
oamal2001Author Commented:
Thanks for all very much.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.