IPS: Intrusion Prevention System
IDS: Intrusion Detection System
An intrusion detection system (IDS) is a security product focused on risk management: it detects and alerts on abnormal and potentially intrusive data, informs the user of the real-time situation in the network, and provides corresponding solutions and handling methods.
An intrusion prevention system (IPS) is a security product focused on risk control: it detects and defends against malicious behavior that is clearly judged to be an attack and that can harm the network and data, reducing or relieving the resource overhead users spend handling abnormal conditions.
IPS
An excellent network intrusion prevention system should have the following characteristics:
Meets high-performance requirements, providing strong analysis and processing capacity to preserve the quality of normal network communications;
Provides real-time detection of and defense against various types of attacks, with rich access control capabilities, detecting attacks before any unauthorized activity starts and avoiding or mitigating the damage an attack may cause to the enterprise;
Accurately identifies various kinds of network traffic, reducing false positives and false alarms and avoiding impact on normal business communications;
Offers comprehensive, granular flow control to ensure the continuous and stable operation of business-critical services;
Offers rich high-availability features, providing bypass (hardware and software) and HA reliability assurance measures;
Offers scalable multi-link IPS protection to avoid unnecessary duplication of security investments;
Offers flexible deployment, supporting both online mode, which blocks attacks outside the enterprise network at the earliest moment, and bypass mode for attack detection, to suit different customer needs;
Supports tiered deployment and centralized management to meet the usage and management needs of networks of different scales.
WAF (Bodyguard) IPS (security)
WAF
A Web application protection system (also known as a website application-level intrusion prevention system; English: Web Application Firewall, abbreviated WAF). By the internationally accepted definition, a Web application firewall is a product that specifically protects Web applications by enforcing a series of security policies for HTTP/HTTPS.
Characteristics
Protocol anomaly detection
The Web application firewall inspects HTTP requests for anomalies and rejects requests that do not conform to the HTTP standard. It can also allow only a subset of the HTTP protocol's options to pass, thereby reducing the attack surface. Some Web application firewalls can even strictly limit options in the HTTP protocol that are too loose or not fully developed.
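The kind of check described above, as an added example that is not from the original page or from any WAF product: a request head is tested against the HTTP/1.x grammar and against a restricted subset of options. The method allowlist, the target length limit and the sample requests are assumptions made for the illustration.

```python
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST"}               # assumed site policy
MAX_TARGET_LEN = 2048                                   # assumed limit
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # HTTP header-name token

def check_request(raw: bytes) -> list[str]:
    """Return the protocol violations found in a raw request; [] means pass."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return ["non-ASCII bytes in request head"]
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, version = parts
    problems = []
    if method not in ALLOWED_METHODS:
        problems.append(f"method not allowed: {method}")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        problems.append(f"unsupported version: {version}")
    if not target.startswith("/") or len(target) > MAX_TARGET_LEN:
        problems.append("bad request target")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not TOKEN.match(name):
            problems.append(f"malformed header line: {line!r}")
            continue
        headers.setdefault(name.lower(), []).append(value.strip())
    if version == "HTTP/1.1" and len(headers.get("host", [])) != 1:
        problems.append("HTTP/1.1 request needs exactly one Host header")
    if "content-length" in headers and "transfer-encoding" in headers:
        problems.append("both Content-Length and Transfer-Encoding present")
    if any(not v.isdigit() for v in headers.get("content-length", [])):
        problems.append("non-numeric Content-Length")
    return problems

# Constructed sample requests.
GOOD = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
BAD = (b"TRACE /x HTTP/1.1\r\nHost: a\r\nHost: b\r\n"
       b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n")

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_request(sample) or "pass")
```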
Enhanced input validation
Enhanced input validation can effectively prevent web page tampering, information leakage, Trojan horse implantation, and other malicious network intrusions. This reduces the likelihood of the Web server being attacked.
[Figure: TECNOVA-WAF deployment topology]
Timely patches
Patching web security vulnerabilities is the biggest headache for Web application developers, and no one knows what kind of vulnerability the next second will bring for Web applications. A WAF can do this job for us: as long as comprehensive vulnerability information is available, a WAF can block the vulnerability in less than one hour. Of course, masking a vulnerability this way is not perfect, and not installing the patch is itself a security threat, but we do not have a choice, and any protection is better than no protection.
(Note: The principle of prompt patching applies better to XML-based applications, because the communication protocols of these applications are standardized.)
Rule-based protection and anomaly-based protection
Rule-based protection provides security rules for a variety of Web applications; WAF vendors maintain the rule base and keep it updated. Users can apply these rules to inspect the application comprehensively. Other products build models from legitimate application data and use them as the baseline for judging anomalies in application data. However, this requires the user to have a very thorough understanding of the enterprise application, which in reality is very difficult.
State management
A WAF can determine whether a user is accessing the site for the first time, redirect the request to the default login page, and log the event. By examining a user's entire sequence of operations, attacks can be identified more easily. State management also detects abnormal events (such as failed logins) and acts on them when a limit is reached. This is very useful for identifying and responding to brute-force attacks.
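The failed-login limit described above, as an added example that is not from the original page or from any WAF product: per-client state counts failures inside a sliding window and blocks the client for a while once the limit is reached. The login path, the failure status code, the thresholds and the sample events are assumptions made for the illustration.

```python
from collections import defaultdict, deque

LOGIN_PATH = "/login"   # assumed login endpoint
FAIL_STATUS = 401       # assumed status the application returns on a failed login

class LoginStateTracker:
    """Per-client state: recent failed logins and an optional temporary block."""

    def __init__(self, limit=3, window=60.0, block_for=300.0):
        self.limit, self.window, self.block_for = limit, window, block_for
        self.failures = defaultdict(deque)  # client -> times of recent failures
        self.blocked_until = {}             # client -> time the block expires

    def decide(self, client, now):
        """Before forwarding a request: 'block' while a block is active."""
        return "block" if self.blocked_until.get(client, 0.0) > now else "allow"

    def record(self, client, path, status, now):
        """After the response: count a failure; True if the limit was reached."""
        if path != LOGIN_PATH or status != FAIL_STATUS:
            return False
        recent = self.failures[client]
        recent.append(now)
        while now - recent[0] > self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) < self.limit:
            return False
        self.blocked_until[client] = now + self.block_for
        recent.clear()
        return True

def replay(events, tracker):
    """Feed (time, client, path, status) events through; return the verdicts."""
    verdicts = []
    for now, client, path, status in events:
        verdict = tracker.decide(client, now)
        if verdict == "allow":
            tracker.record(client, path, status, now)
        verdicts.append(verdict)
    return verdicts

# Constructed sample traffic (documentation addresses, not real clients).
EVENTS = [
    (0, "198.51.100.7", "/login", 401),
    (5, "198.51.100.7", "/login", 401),
    (9, "203.0.113.4", "/login", 200),
    (12, "198.51.100.7", "/login", 401),   # third failure within 60 s
    (20, "198.51.100.7", "/login", 401),   # arrives while blocked
    (400, "198.51.100.7", "/login", 200),  # block expired at 312
]
```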
Other Protection technologies
A WAF also has some security enhancements that address the problem of web programmers trusting input data too much, for example: hidden form field protection, anti-evasion techniques, response monitoring, and information leakage protection.
WAF and IPS