Attack Prevention Article Evaluation

Date Submitted: 04/20/2011 03:34 PM


Network intrusion prevention systems are a huge step in organization security, but should they really be deployed by enterprises now? This “search security” article takes its time to explain why they should or should not be.

Mike Chapple, the author of the article, saw a huge release of an IPS on a large network. This IPS came with the hype of massive sales numbers and the promise to get rid of the threats and give the administrators peace of mind that the system is protected and safe. After the IPS was launched, it crashed after 15 minutes. The IPS technology was not ready to be implemented at such a large network scale on an unfiltered connection.

I personally believe the IPS technology was a bit rushed at its time and was not ready for large-scale networking. I am sure it was tested on little networks here and there and they thought it was good to go, but of course their lack of large-scale testing bested them in the end, which caused them to learn from their mistakes. Today IPS can actually handle high-speed networking and process rule bases more efficiently, but the technology itself is risky to test to see if it has to be matured. Mike Chapple goes on to explain what an IPS does compared to an IDS, which of course is that an IDS detects threats and an IPS detects a threat and eliminates it, so I can tell that he is not uneducated about his topic.

Chapple mentions that a successful Intrusion Prevention System product is one that is of high quality and has an easy-to-use user interface. There are two complementary ways of looking at an IPS:

1. An IPS is an inline network-based IDS (NIDS) that has the capability to block traffic by discarding packets as well as simply detecting suspicious traffic. Alternatively, the IPS can monitor ports on a switch that receives all traffic and then send the appropriate commands to a router or firewall to...