
Intrusion Detection & Prevention Systems

Intrusion Detection Systems (IDS) are a fundamental tool of network security. They complement network routers and firewalls, as their designs are built for detecting well-known attack patterns and attack signatures.

The general method of deployment for an IDS (on a gigabit network) is to tap one or more network segments on a switch port through port mirroring (also known as port spanning, or SPAN), so that a dedicated interface on the sensor promiscuously monitors a copy of every packet stream on those segments.

IDS vs IPS

[Figure: IPS Network Topology Diagram]

Going a step above and beyond an IDS are Intrusion Prevention Systems (IPS). The primary difference is that an IPS is deployed inline, which gives it the ability to drop packets, block the attacking hosts (for predefined intervals), and alert and log upon attack detection (an IDS can also alert and log, but cannot take actions that interfere with connections).

A typical IPS deployment in a basic network topology is shown above. The IPS placement in the diagram is efficient, in that non-trivial packet filtering should be done by the network router or firewall, so as to conserve the resources needed by the IPS for packet processing only for traffic validated by the router or firewall in front of it (IPSs require a lot of CPU and as such should only inspect what is allowed).
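The two points above, the IDS/IPS behavioural split and the "filter first, then inspect" placement, can be seen concretely in a small simulation. This is an added example and not code from the page's authors; the signatures, the firewall allow-list, the sample packets and the 60-second block interval are all constructed assumptions. The same signature engine runs in either mode: passively (as if fed from a SPAN port) it can only alert and log, while inline it drops the matching packet and blocks the source host until its interval expires. A toy firewall stage in front of the sensor discards traffic that the perimeter would never forward, so no signature work is spent on it.

```python
"""Toy signature sensor illustrating IDS (passive) versus IPS (inline) behaviour.

Added example, not code from the page's authors. The signatures, the
firewall allow-list, the sample packets and the 60-second block interval
are all constructed assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
import time

# Constructed signatures: name -> byte pattern looked for in the payload.
SIGNATURES: Dict[str, bytes] = {
    "sqli-union": b"UNION SELECT",
    "php-shell":  b"<?php system(",
}

# Constructed stand-in for the router/firewall in front of the IPS: only
# destination ports on this list are forwarded, so the sensor spends CPU
# only on traffic the perimeter has already validated.
ALLOWED_DPORTS = {80, 443}


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Verdict:
    action: str                      # "pass", "alert" (IDS) or "drop" (IPS)
    reason: Optional[str] = None


@dataclass
class Sensor:
    mode: str                        # "ids" = SPAN-port copy, "ips" = inline
    block_seconds: float = 60.0      # predefined interval an attacking host stays blocked
    alerts: List[Tuple[float, str, str, str]] = field(default_factory=list)
    blocked_until: Dict[str, float] = field(default_factory=dict)

    def is_blocked(self, src: str, now: float) -> bool:
        until = self.blocked_until.get(src)
        if until is None:
            return False
        if now >= until:                 # block interval has expired
            del self.blocked_until[src]
            return False
        return True

    def inspect(self, pkt: Packet, now: Optional[float] = None) -> Verdict:
        now = time.monotonic() if now is None else now
        # Inline IPS: a host inside its block interval is dropped before any
        # signature matching is spent on it.
        if self.mode == "ips" and self.is_blocked(pkt.src, now):
            return Verdict("drop", "blocked-host")
        for name, pattern in SIGNATURES.items():
            if pattern in pkt.payload:
                self.alerts.append((now, pkt.src, pkt.dst, name))   # both modes alert and log
                if self.mode == "ips":
                    self.blocked_until[pkt.src] = now + self.block_seconds
                    return Verdict("drop", name)                    # inline: packet discarded
                return Verdict("alert", name)                       # passive: cannot interfere
        return Verdict("pass")


def firewall_forwards(pkt: Packet) -> bool:
    """Perimeter filter applied before the sensor sees anything."""
    return pkt.dport in ALLOWED_DPORTS


def run(mode: str, packets: List[Packet]) -> Tuple[List[str], int]:
    """Push packets through firewall then sensor; return per-packet actions and alert count."""
    sensor = Sensor(mode=mode)
    actions: List[str] = []
    for i, pkt in enumerate(packets):
        if not firewall_forwards(pkt):
            actions.append("fw-deny")        # never reaches the sensor
            continue
        actions.append(sensor.inspect(pkt, now=float(i)).action)
    return actions, len(sensor.alerts)


def sample_packets() -> List[Packet]:
    """Constructed traffic from one client: a normal request, an injection attempt,
    a follow-up request, and a probe to a port the firewall does not allow."""
    return [
        Packet("10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1"),
        Packet("10.0.0.5", "10.0.0.80", 80, b"GET /item?id=1 UNION SELECT 1,2 HTTP/1.1"),
        Packet("10.0.0.5", "10.0.0.80", 80, b"GET /about.html HTTP/1.1"),
        Packet("10.0.0.5", "10.0.0.80", 23, b"\xff\xfd\x18"),
    ]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode, sample_packets()))
```

Running it shows the difference directly: in `ids` mode the injection attempt produces an alert but the client's next request still passes, whereas in `ips` mode the matching packet is dropped and the follow-up request is dropped as well because the host is inside its block interval; the telnet probe never reaches the sensor in either mode because the firewall stage discards it first.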


Get in touch

If you would like more information on how we can help, drop us a quick line to schedule a chat on our contact page.