The role of IPS in Campus Network Security

With the increasing popularity of the Internet and the importance of national education, most colleges and universities have established Campus Networks, which not only improves the educational level, but also opens a window for students to understand the world. However, the security issues that follow have brought unprecedented challenges to the campus network. On the one hand, insecure factors such as malicious code, viruses, hackers, poor websites, and human interference pose certain obstacles to the normal development of campus networks. On the other hand, due to security concerns, many Campus Networks impose many restrictions on the use of the Internet, which also affects teaching to a certain extent. At present, the main functions of campus network are generally concentrated in network teaching and the use of the Internet.

As the requirements for reliability and availability of key information systems are further improved for teaching and scientific research, higher requirements are also put forward for application system continuity and data sets. With the continuous development of Internet technology, various P2P applications are also widely used in campus networks. As a popular download method, various P2P applications allow users to easily find their desired network resources. However, a large number of unrestricted P2P connections will greatly consume network bandwidth resources, bring great troubles to the normal network services of xigong University, and also bring some security risks. In addition, because there are many student machines in the campus network and no antivirus software is installed in a unified manner, how to prevent the spread of viruses on the internal network is also an important issue in front of the head of the school network center.

In the face of today's mixed threats, traditional security systems can no longer meet security requirements. The purpose of the firewall is to control network access. It is powerless for hackers to use applications or OS vulnerabilities such as buffer overflow. In addition, the firewall cannot block worms spread by email, all hacker attacks are attacks against host vulnerabilities by using protocols allowed by the firewall. The Anti-Virus System is Passively Protected and can only detect known viruses. However, anti-virus software cannot detect new unknown viruses. Therefore, the company's network system may be damaged during the period from the discovery of a new virus to the update of the virus pattern by the manufacturer.

Therefore, Northwestern University of Technology decided to deploy an intrusion defense system that can detect threats in time and prevent threats in real time. After strict tests and evaluations on the intrusion defense systems at home and abroad, Northwestern University of Technology finally chose the tianqing intrusion defense system provided by Starling. The tianqing intrusion defense system provides control and prevention for various P2P applications such as BT and donkey, provides good defense against various deep attacks, such as worms, overflow attacks, and SQL injection attacks.

We deploy the tianqing IPS defense engine behind the firewall, analyze the various network behaviors that pass through the border, and control and defend against various violations and abnormal behaviors according to predefined policy information. This deployment not only reduces the analysis resource overhead of the intrusion defense system (some attack behaviors are blocked by the firewall), but also enables illegal control and attack defense across the network. The current access method of the tianqing IPS console is one-to-one correspondence with the Defense engine. In the subsequent expansion project, the console can support deployment of up to 30 connections, to this end, additional deployment of security devices for each branch network (library, dormitory area, and so on) leaves room for preparation. From the perspective of system deployment, this solution can completely control the demands for P2P application abuse and control worm propagation.

Tianqing IPS not only provides real-time Intrusion Detection and Prevention functions, but also has relatively low costs. Tianqing IPS integrates with its unique dedicated devices, highly accurate detection functions, and easy-to-use management functions to help Northwestern Polytechnical University achieve its in-depth protection goals. Due to the fact that some complex behaviors are not easy to identify by simple features, user assets are not fully protected and even affect normal services. Tianqing IPS integrates attack avoidance-based blocking methods and attack feature-based blocking methods, which not only effectively improves the ability to identify various deep attacks, moreover, attackers can precisely block attack behaviors that cannot be identified by features, such as attack variants and SQL injection. In addition, tianqing IPS provides the security administrator with concise and practical analysis result information, rather than chaotic raw data, which effectively reduces the costs required for data monitoring and analysis. Tianqing IPS greatly reduces the false positive rate during the detection process, making IT staff at Northwestern University of Technology no longer have to spend precious time analyzing and tracking false positive information and threats, they can invest more energy to further improve system security.

The IPS devices are deployed in a transparent way on the front-end of the protected image. As an online deep-layer defense product, while precisely blocking attack behavior, the high availability of normal services must be guaranteed. Tianqing IPS uses the built-in Hardware Watchdog Technology and software monitoring process to monitor and handle system exceptions in real time and implement the software and hardware dubypass functions. No network fault point is added. In terms of efficiency improvement, the tianqing IPS system uses the technology of binding tasks to virtual CPUs to eliminate the waiting time and switching time for parallel processing. It allocates and efficiently utilizes hardware resources based on the characteristics of tasks, automatically selects the optimal algorithm based on the analysis task features to improve the matching efficiency; achieves microsecond-level latency, meeting the needs of telecom-level business applications.

After the project is completed, it can not only control the abuse of network resources in violation of regulations, but also resist various malicious attacks from outside, it effectively lays a solid foundation for the construction of information system security at Northwestern University of Technology, and improves the utilization efficiency of information resources. At the same time, this solution is flexible and scalable, and can fully meet the current and future work development and management needs. In addition, the use of tianqing IPS greatly reduces attack outbreaks, thus eliminating the time and personnel costs caused by attacks. It also has significant economic benefits to maintain business continuity through proactive prevention.