Can someone help me understand about an intrusion detection/prevention system

Discussion in 'other firewalls' started by winterlord, Jun 29, 2013.

Thread Status:
Not open for further replies.
  1. winterlord

    winterlord Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    175
    OK, I have been looking all over about advanced hardware, and maybe it comes down to software security, but I was looking at a D-Link DSR-250 because it has an intrusion prevention system built in. But then I had some questions and wondered.

    1. Is an intrusion prevention system (IPS) more geared toward VPNs?

    2. I read somewhere that you can get an IPS system free off wiki, and it directed me to ACARM-ng as well as something called Snort.

    So I was wondering: are IPS systems, like the one in the D-Link router as well as the more well-known SonicWall or Cisco ASA 550, actually a piece of software I can run like you'd run an antivirus or firewall? Or would I have to either get a box or have a spare system to run Snort or an IPS system?
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Most commercial routers have a firewall that incorporates an IPS. Many software Internet security suites and also stand-alone software firewalls have an IPS feature. Most are designed to prevent denial-of-service (DoS) attacks only.

    Per Wikipedia:

    Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection.[7] In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk. In intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by the user. The program will then perform a specific action based on what has been identified.

    For simple home networks and stand-alone PCs, the router or security software IPS solution is usually adequate. DoS attacks these days are mostly directed against large corporate, government, and similar networks.
     
  3. MyBlackBox

    MyBlackBox Registered Member

    Joined:
    Jun 28, 2013
    Posts:
    35
    Location:
    Italy
  4. woomera

    woomera Registered Member

    Joined:
    May 21, 2004
    Posts:
    211
    The name says it all, but some don't completely understand what it actually does.

    Look at it this way: what if malicious software that was made today, and that no AV yet knows about, tries to run on your machine? How is your system going to know if it is legit or not? That's where IDS/HIPS (behavior blocker) comes in!

    They decide what is safe and what's not by analysing the application through various mechanisms, one of which is behavior analysis.

    As for Snort, home users don't need it, especially those who have machines connected through a modem/router to the web, so the only intrusion (network ones, which Snort looks for) can be made from within the internal network itself.

    take care.
     