IDS and IPS

4 minutes
Share the link to this page
Copied
  Completed
You need to purchase the class to view this lesson.
One-time Purchase
$99.99
List Price:  $139.99
You save:  $40
د.إ367.26
List Price:  د.إ514.18
You save:  د.إ146.92
A$129.98
List Price:  A$181.98
You save:  A$51.99
৳8,480.29
List Price:  ৳11,872.75
You save:  ৳3,392.45
CA$127.58
List Price:  CA$178.62
You save:  CA$51.04
CHF 88.77
List Price:  CHF 124.29
You save:  CHF 35.51
kr613.55
List Price:  kr859
You save:  kr245.44
€82.49
List Price:  €115.50
You save:  €33
£72.87
List Price:  £102.02
You save:  £29.15
HK$775.09
List Price:  HK$1,085.16
You save:  HK$310.07
₹7,300.87
List Price:  ₹10,221.51
You save:  ₹2,920.64
RM404.50
List Price:  RM566.32
You save:  RM161.82
₦38,096.19
List Price:  ₦53,336.19
You save:  ₦15,240
kr862.11
List Price:  kr1,206.99
You save:  kr344.87
NZ$139.04
List Price:  NZ$194.67
You save:  NZ$55.62
₱4,808.39
List Price:  ₱6,731.95
You save:  ₱1,923.55
₨16,063.39
List Price:  ₨22,489.39
You save:  ₨6,426
S$132.78
List Price:  S$185.89
You save:  S$53.11
฿2,998.65
List Price:  ฿4,198.23
You save:  ฿1,199.58
₺737.82
List Price:  ₺1,032.99
You save:  ₺295.16
B$540.18
List Price:  B$756.27
You save:  B$216.09
R1,519.31
List Price:  R2,127.09
You save:  R607.78
Лв161.55
List Price:  Лв226.18
You save:  Лв64.62
₩110,645.06
List Price:  ₩154,907.51
You save:  ₩44,262.45
₪326.55
List Price:  ₪457.19
You save:  ₪130.63
Already have an account? Log In

Transcript

I've got a little network right here. So this yellow box is going to be my switch. And these individual little cylinders are going to be my host. And this guy right here is my connection to the Internet. So he's just going to be at this moment, well, just a router. Now, when we look at this network, it's really, really important to us that well, we don't let naughty things happen to our network.

So within the internet world, the first line of defense is going to be a firewall. And now the firewalls main job is to prevent naughty things from the outside world coming into our network. So traditionally, a firewall is going to be right here. So that's why so many routers also have built in firewall features. Now, a router doesn't have to have that if we wanted to. We can go out and buy a specialized firewall device.

And now we can have our router and then our firewall as its own separate devices. Barracuda Pinnacle, a lot of people will sell you a box like this. And this thing's been updated. So it's always aware of evil things that are out there. And so this is not an uncommon setup. So we've got some kind of router, we got some kind of firewall, and then we have our network itself.

Now, firewalls are great, and we certainly discuss firewalls in other episodes. But we have another problem here. And that is that firewalls are imperfect. So if I have an imperfect firewall, I need to have something inside the network that's watching for naughtiness to happen. And that's where intrusion detection systems come into play. an intrusion detection system can just be a computer with specialized IDs software, or it could be a specialized device.

But by nature, intrusion detection tends to be on the inside of the network. So here, I'll just plug him into my switch. And his job is to watch for naughty things on the network itself. If he detects something on the network, work. It's the idea. It's his job to let somebody know, in the early generations of ideas, this would be done with those, they would send an email to somebody or hit their pager.

Yeah, they are that old. Today, you'll get a text message or something like that. So again, it doesn't matter to me, this could be a specialized device, or it could be a Windows machine running specialized IDs software. Now. This is the first generation of intrusion detection. Now, over time, we began to get intrusion detection, that became what we call active.

So this box would say, Oh, I noticed that there's a well known attack coming in here. And what he could do would be to talk to the firewall itself and say, Hey, firewall, shut off a port or stop a particular application or do something to stop this attack and we called that and I am using the past tense, active IDs. Active IDs is really what we call intrusion prevention now or IPS IPS system does the same thing as an IDS. It's looking on the inside of the network for naughtiness, but it does something to stop it. Now if I have a device way over here, it has a hard time stopping things because it's not actually in line. So what we usually see with IPS is something like this.

This is getting long. Now again, we can have routers that have IPS built into them. We can have firewalls with IPS built into them, but you can actually still buy IPS boxes whose only job is to provide IPS features. Now, assuming we have something like this, this box right here is tends to be inline. And it is certainly monitoring the internal network. But if it catches something in here, it's going to do something here to stop it.

And that's the big thing you need to be aware of when it comes to IDs versus IPS on the network. Plus Oh and by the way, make sure that you can handle any questions defines the difference between a firewall versus an IDS versus an IPS.

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.