IPS as Network Protection Perimeter
Everybody knows that you have to install a firewall to protect your network from attack. Firewalls are the first level of defense in your network protection.
Once you are connected to the network, you have to have a firewall installed. With a firewall you can limit access to and from your network. But do you know that it is not enough to protect your network? Viruses still come into your network. Someone still attacks your server. Worms still propagate through your network. And you always blame your firewall admin for not being good enough at configuring the firewall.
Don't you know that there is no silver bullet to protect your IT environment?
Depending on your environment, you may need antivirus, both at the gateway and on your hosts; you also need antispam; adding web filtering is also a good choice; and regularly patching your servers (OS and applications) is also good for you. But have you ever thought of adding an intrusion prevention system (IPS) as part of your network defense?
Why IPS?
Zero-day attack
Nowadays, within the same hour that a vulnerability is announced, an attack on that vulnerability has already been launched. You don't have time to evaluate the patch or to patch your system, yet you are already hit by the attack. You can do nothing but suffer.
Viruses launch and attack your network, your antivirus vendor has not given you the right signature yet, and you have to delay your business processes, transactions, and so on just because your system is down. You suffer millions of dollars in losses (direct and potential).
An IPS gives you zero-day protection, which means that on the same day a system (or application or device) vulnerability is found, you have the protection. Patching or installing the newest signature is not immediately needed.
DoS/DDoS
A DoS attack exploits a network weakness by sending useless requests to the server just to make the server respond to them thousands or millions of times until the service gives up. The server will go down or will have several services down, and this can be done remotely, with no authentication needed.
A DoS attack is like phoning a call center just to say hello and hanging up once you get a response. But you make the call again and again; this makes the recipient angry, and they will never answer the phone anymore.
A DDoS attack is like a DoS attack, but the phone calls come not only from you; they come from thousands of sources.
A traditional firewall has limited filtering of incoming requests; it has only these parameters to filter on:
* source/destination IP
* source/destination port
* protocol (allowed or not)
* packet scrubbing
* packet size
That is not enough to filter a DoS attack.
With an IPS, DoS/DDoS attacks that get past the firewall can be blocked, and your servers are protected from this type of attack.
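A simplified illustration of the point above, added here and not part of the original post: a static filter on address, port and protocol passes every request of a flood aimed at an allowed service, while a per-source rate threshold cuts the flood off. The rate threshold is an assumed, simplified stand-in for IPS behaviour, not any product's method; the addresses, threshold and traffic are constructed.

```python
from collections import defaultdict, deque

# Firewall policy (constructed): permitted (dst_ip, dst_port, protocol) tuples.
ALLOWED = {("10.0.0.5", 80, "tcp")}

def firewall_allows(pkt):
    """Static filter on destination address, port and protocol only."""
    _ts, _src, dst, dport, proto = pkt
    return (dst, dport, proto) in ALLOWED

def rate_limit_filter(packets, window=1.0, threshold=20):
    """Forward packets until a source exceeds `threshold` requests within
    `window` seconds, then drop everything else from that source."""
    recent = defaultdict(deque)   # src -> timestamps inside the window
    blocked, forwarded = set(), []
    for pkt in packets:
        ts, src = pkt[0], pkt[1]
        if src in blocked:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # expire timestamps older than the window
            q.popleft()
        if len(q) > threshold:
            blocked.add(src)
            continue
        forwarded.append(pkt)
    return forwarded, blocked

def build_sample():
    """Constructed traffic: (timestamp_s, src_ip, dst_ip, dst_port, protocol)."""
    # Normal client: one request per second. Flooding source: 100 per second.
    pkts = [(float(i), "198.51.100.7", "10.0.0.5", 80, "tcp") for i in range(10)]
    pkts += [(i / 100.0, "203.0.113.9", "10.0.0.5", 80, "tcp") for i in range(300)]
    pkts.append((0.5, "203.0.113.9", "10.0.0.5", 23, "tcp"))  # port not allowed
    return sorted(pkts, key=lambda p: p[0])

def run():
    pkts = build_sample()
    passed = [p for p in pkts if firewall_allows(p)]
    forwarded, blocked = rate_limit_filter(passed)
    return len(pkts), len(passed), len(forwarded), blocked

if __name__ == "__main__":
    total, passed, forwarded, blocked = run()
    print(f"{total} packets, firewall passed {passed}, "
          f"rate filter forwarded {forwarded}, blocked sources: {sorted(blocked)}")
```

The firewall drops only the single packet to the closed port; every flood request to port 80 matches the allow rule and is stopped only by the rate check.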
Bot Propagation
A bot is a small program that is installed remotely to carry out distributed attacks; a bot system helps the attacker initiate a DDoS attack. Bots are propagated using worms or spyware. A traditional firewall cannot block this application while it is being transferred remotely. Using an IPS, the distribution of worms and bot applications can be blocked.
Here is the protection result using an IPS combined with a firewall.
