-- PAGE 6 --
Intrusion Prevention Systems: the Performance Challenges faced by the IPS
There are several performance challenges faced by IPS devices and solutions. Most of these originate from the implementations of Intrusion Prevention Systems that are based upon the in-line working model. The in-line working model entails the risk of performance bottlenecks and single points of failure, while failed reports and missing reports also present problems.
An in-line device failure will impact seriously upon the network and, in turn, upon the day-to-day operations of a business or organization. The worst case scenario goes beyond the latency of the network; the network could actually suffer a self-inflicted Denial of Service (DOS) attack if the IPS device goes down. Performance bottlenecks lead to similar scenarios and together these scenarios evidence a significant shortfall in the basic IPS model.
Several vendors have come up with innovations that compensate for such weaknesses, such as the hot-redundant mechanism. Such devices employ a self-testing program which the IPS uses to inspect its own “health”. All devices are set to a transparent routing model which traffic can pass-through via a direct data channel thereby avoiding single points of failure. (See figure 4 below). Other solutions such as duel IPS inline devices are also available.
Figure 4: the transparent routing model
Performance bottlenecks are another issue impacting upon the efficacy of the IPS. Several IPS performance tests were conducted in 20061, following which several vendors claimed that their products' performance had been significantly improved. An examination of the test results, however, reveals that the improvements to performance that had been made, did not necessarily equate to an increase in the level of security, since an IPS needs to work slowly and methodically for the purpose of accuracy.
-- PAGE 6 --
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Glossary | References
Notes:
1 David Newman. 09 Nov 2006. IPS performance tests show products must slow down for safety [online]. [Accessed 21st Sep 2006]. Available from World Wide Web: http://www.networkworld.com/reviews/2006/091106-ips-test.html
Xuhua Ji, September 2007
(You are free to reproduce any of the information in this article or part thereof, so long as the byline remains intact and a link is provided back to this page)
add to del.icio.us
0870 393 0044
free articles
- Internet marketing tips - onsite SEO (pdf opens in a new window) read more >>
- Email messaging services and protocols (pdf opens in a new window) read more >>
- Search engine optimisation: an integrated approach (opens in a new window) read more >>
- How to find a good web designer or eCommerce provider - read more >>
- How to keep old computers out of landfill - read more >>
- How enterprises can save money on software licenses - read more > >
- More green computing tips for businesses - read more > >
- How to find a domain name - read more > >
- how to find a web hosting package - read more > >
- IPSs- an intro read more > >
free links
- free technical resource links read more > >
- list of free business directories read more > >