-- PAGE 1 --

next page >>

The challenges of assessing network security and the birth of the Intrusion Prevention System (IPS)

Network Security – the Background

As companies continue to implement and develop information systems with ever-increasing frequency, and as technical crime continues to escalate - including attacks such as “phishing” and D.O.S (Denial of Service) attacks -, it becomes ever-increasingly apparent that network security is among the most important components for a mature IT infrastructure, and especially so for companies that provide online services. It is also evident that as this trend continues, so will the importance of implementing secure networks.

Precursors of the Intrusion Prevention System

Traditional passive network security measures such as firewalls, security policies and intrusion detection systems (IDSs) all contributed towards the development of proactive Intrusion Prevention Systems (IPSs), and the role these solutions played in that development, including a consideration of their individual strengths and weaknesses, forms the basis for understanding the background of the IPS.

The Intrusion Detection System (IDS)

The IDS acts as a guardian of the network, monitoring and recording activity and reporting suspicious behaviour. It sends an alarm to the network administrator warning of any suspect behavior, attacks or unusual data flows. In turn, the administrator is expected to analyse the data provided by the IDS sensors, and follow up with relevant action; such as re-configuring the firewall to block specific traffic once an attack is confirmed. However, these are reactive measures which occur after the intrusion upon the network has actually occurred and sometimes after resultant damage and financial loss has already been incurred by the company.

In such a scenario, the protection of the network relies not only on the efficiency and capability of firewall and IDS devices, but more importantly, upon the level of expertise and competence of the network administrator. This, of course, is a factor that cannot be standardized, measured or predicted by a security solution provider, and impacts directly upon the performance and efficacy of network security. Consequently, there is an increasing demand for more active, and measurably active, protection from security hardware and software, and a need for less dependency upon human intervention for monitoring and reacting to network security issues. The IPS came into being to meet this need.

The market research data shown in figure 1 (below), illustrates the above point, indicating that during the last 4 years or so, implementations of IPS devices and IPS solutions have been steadily increasing; the figure for 2007 being nearly triple that for 2002. The growth of traditional firewall protection usage has been a little slower, having more-or-less doubled over the same period. As the statistics show, companies are increasingly seeking newer and more effective protection methods for their network security, and moving gradually towards models that are less reliant on human intervention for critical tasks.

Figure 1: Network security merket trends

-- PAGE 1 --

next page >>

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Glossary | References

Xuhua Ji, September 2007

(You are free to reproduce any of the information in this article or part thereof, so long as the byline remains intact and a link is provided back to this page)

    add to del.icio.us

We offer Windows Server 2003 and Windows Server 2008 training courses: read more

Further reading on network security