Sunday, September 19, 2010

IPS detection and prevention simultaneously




As vulnerabilities continue to be discovered, the security threats facing enterprise networks grow more and more complicated. Although these attacks can bypass traditional firewalls, an intrusion prevention system (IPS) placed at the network perimeter or inside the internal network can still stop them, effectively protecting servers that are unpatched or improperly configured.

An intrusion detection system (IDS) can monitor network traffic and raise alerts, but it does not block attacks. An IPS, by contrast, carefully checks every data packet and immediately decides whether to permit or deny it. The IPS has a set of filters that prevent attacks against various types of vulnerability. When a new vulnerability is discovered, the IPS creates a new filter and brings it under its own control, so that any malicious attempt to probe that vulnerability is blocked immediately.

Whether an attacker exploits weaknesses at Layer 2 (media access control) or anywhere up to Layer 7 (application), the IPS can detect the attack in the data stream and stop it. Traditional firewalls can inspect only Layer 3 or Layer 4 and cannot examine application-layer content.



The IPS packet processing engine is a purpose-built custom integrated circuit that can inspect every byte of every packet. By contrast, a firewall's packet filtering does not check every byte and therefore cannot find these attacks. The IPS uses filters to inspect the entire content of the data stream. All packets are classified, and each filter is responsible for analyzing the packets of its class. Only packets that pass inspection can move on. Classification is based on packet header information, such as source and destination IP address, port number and application domain.

Each filter contains a set of rules; only packets that satisfy these rules are recognized as free of malicious content. To ensure accuracy, these rules are defined very broadly. When classifying content in transit, the engine must refer to the packet's information parameters and parse them into meaningful fields for contextual analysis. For example, when dealing with buffer overflow attacks, the engine takes a buffer parameter from the application layer and then evaluates its characteristics to detect whether an attack is present. To prevent the attack from reaching its target, once a data stream is identified as a malicious attack, all packets belonging to that stream are discarded.

To detect attacks that exploit different system weaknesses, an IPS needs different filters. Some attacks can be detected with filters that match known attack signatures or patterns. Other attacks, such as buffer overflows, need more complex filters, whose rules can be defined using protocol and application-level decoders. For multi-stream attacks such as "network sweeps" and "packet floods", the IPS needs filters that collect statistical information to detect anomalies.

The filter engine combines pipelining with massively parallel processing hardware and can run thousands of packet filter checks at the same time. Parallel processing ensures that packets pass through the system continuously and quickly, without affecting speed. This hardware acceleration is important for an IPS, because traditional software solutions must check the filters one by one, which greatly reduces system performance.

As a transparent device, the IPS is part of the network connection. To keep the IPS from becoming a weak link in network performance, it needs excellent redundancy and failover mechanisms so that the network keeps running normally when a failure occurs. Besides being a front line of defense, the IPS is also a network cleaning tool that can eliminate malformed packets and non-mission-critical applications, thereby protecting network bandwidth. For example, an IPS can stop applications such as file sharing from illegally transferring copyrighted files.
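The classification, filtering and flow-discard steps described in the paragraphs above can be sketched in software as follows. This is an added example, not code from the original page or from any IPS product; the `InlineEngine` class, the filter functions, the 256-byte URI bound and the sample traffic are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model: header fields plus application payload.
Packet = namedtuple("Packet", "src sport dst dport payload")

MAX_URI_LEN = 256  # assumed bound for the decoded buffer parameter

def http_uri_filter(payload):
    """Decoder-based filter: parse the HTTP request line, flag an oversized URI."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) < 2:
        return False  # no request line to decode in this segment
    return len(parts[1]) > MAX_URI_LEN

def signature_filter(payload):
    """Signature filter: match a known pattern (constructed marker string)."""
    return b"EXAMPLE-BAD-PATTERN" in payload

# Classification by header field: destination port -> responsible filters.
FILTERS = {80: [http_uri_filter], 21: [signature_filter]}

class InlineEngine:
    def __init__(self):
        self.blocked_flows = set()

    def process(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.blocked_flows:
            return "drop"  # flow already identified as malicious
        for flt in FILTERS.get(p.dport, []):
            if flt(p.payload):
                self.blocked_flows.add(key)  # discard the rest of this flow
                return "drop"
        return "forward"  # only packets that pass inspection move on

def run_sample():
    ok = b"GET /index.html HTTP/1.1\r\n\r\n"
    long_uri = b"GET /" + b"A" * 300 + b" HTTP/1.1\r\n\r\n"
    pkts = [  # constructed traffic using documentation addresses
        Packet("192.0.2.5", 40000, "198.51.100.9", 80, ok),
        Packet("192.0.2.6", 40001, "198.51.100.9", 80, long_uri),
        Packet("192.0.2.6", 40001, "198.51.100.9", 80, ok),  # same flow as above
        Packet("192.0.2.6", 40002, "198.51.100.9", 80, ok),  # new flow
    ]
    eng = InlineEngine()
    return [eng.process(p) for p in pkts]

if __name__ == "__main__":
    print(run_sample())
```

The third packet is harmless on its own but is dropped because its flow was already flagged, while the fourth packet from the same host on a new flow is inspected afresh and forwarded.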






