Thursday 25 February 2016

IDS/IPS implementation phase 2. Throughput metering


Traffic intrusion detection in a corporate network is usually deployed without the ability to affect production services. This mode is called IDS (Intrusion Detection System). An IDS may also be integrated with active network equipment so that it can block the attacking host or network (IDS shun). Another option is to run the sensor in active protection mode, called inline IPS (Intrusion Prevention System), or with the ability to terminate TCP sessions by sending RST packets to the source and destination hosts of the malicious session. Let's analyze the IDS and IPS modes in terms of their network integration requirements.

Monday 15 February 2016

IDS/IPS implementation phase 1. Network topology points


Finding the correct infrastructure segment and network topology level for IDS/IPS network sensors is critical to their efficiency. User and datacenter segments are analyzed for the practicability of implementing intrusion detection and prevention systems. The network topology points for IDS/IPS integration are defined, along with a description of the technical requirements.