Your firewall is there to keep intruders out, but are you actively monitoring it? Proactive Threat Protection is not quite the same thing as an Intrusion Prevention System (IPS). To get the best intrusion prevention on your firewall, and the most secure endpoint and firewall protection, you really need both.

The main question IPS asks is: How and when do you know if a malicious actor attempts to gain illegal entry to your network?

Another question is: Are your current configurations sufficient to prevent a would-be intruder from getting through?

With LAN Infotech, you have a security monitoring team who will monitor and manage your firewalls, identity (or intrusion) detection systems (IDS), and identity/intrusion prevention systems.

One of the leading causes of vulnerabilities that lead to data breaches is the misconfiguration of Firewall/IPS/IDS settings. We mitigate this problem by offering use of these devices on a managed basis at a predictable cost.

We offer a Managed Firewall as a Service (FWaaS) program that is designed to take the headaches out of managing this critical piece of your infrastructure. Our diligent firewall protection and monitoring provide the following:

  • Auditing existing rules.
  • Unifying your compliance, risk, and security policy functions as they relate to firewall management.
  • Establishing a consistent firewall change workflow.

The Difference Between IPS and IDS

If an IPS is a control tool, then an IDS is a visibility tool. Intrusion Detection Systems sit off to the side of the network, monitoring traffic at many different points, and provide visibility into the security posture of the network. A good analogy is to compare an IDS with a protocol analyzer. A protocol analyzer is a tool that a network engineer uses to look deep into the network and see what is happening, in sometimes excruciating detail. An IDS is a “protocol analyzer” for the security engineer. The IDS looks deep into the network and sees what is happening from the security POV.

IPS as Compared to Enterprise Firewalls

IPS acts like an enterprise firewall, but inside out: it has rules, maybe hundreds, maybe thousands. Most of those rules are “deny” rules: “block this known security problem.” When a packet shows up at the IPS, the IPS looks through its rule list from top to bottom, looking for some reason to drop the packet. At the end of the list, though, is an implicit “pass” rule: “allow this packet through.” Thus, in the absence of a reason to drop the traffic, the IPS passes it through.

Intrusion prevention systems and firewalls are control devices. They sit in-line between two networks and control the traffic going through them. This means that the IPS is on the policy side of your security house. It’s going to implement or enforce a particular policy on what traffic is or is not allowed through.
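The "inside out" rule evaluation described above, as an added example that is not LAN Infotech's or any vendor's rule engine: both devices walk their rule list top to bottom, but they differ in the implicit last rule. The firewall's implicit drop, the rule names, the ports and the payload marker are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

@dataclass(frozen=True)
class Packet:
    dst_port: int
    payload: bytes

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "pass" or "drop"
    matches: Callable[[Packet], bool]

def evaluate(rules: List[Rule], default: str, pkt: Packet) -> Tuple[str, str]:
    """First match wins, top to bottom; otherwise the implicit rule applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "implicit " + default

# Firewall (assumed policy): explicit "pass" rules, implicit drop at the end.
FIREWALL_RULES = [
    Rule("allow-https", "pass", lambda p: p.dst_port == 443),
    Rule("allow-smtp", "pass", lambda p: p.dst_port == 25),
]

# IPS (constructed signatures): explicit "drop" rules, implicit pass at the end.
IPS_RULES = [
    Rule("sig-constructed-001", "drop",
         lambda p: b"EXAMPLE-BAD-PATTERN" in p.payload),
    Rule("sig-constructed-002", "drop",
         lambda p: p.dst_port == 25 and len(p.payload) > 1024),
]

def inline_verdict(pkt: Packet) -> Tuple[str, str]:
    """Both devices sit in-line: a packet must survive the firewall, then the IPS."""
    action, rule = evaluate(FIREWALL_RULES, "drop", pkt)
    if action == "drop":
        return "drop", "firewall: " + rule
    action, rule = evaluate(IPS_RULES, "pass", pkt)
    return action, "ips: " + rule

if __name__ == "__main__":
    for pkt in (Packet(443, b"GET / HTTP/1.1"),                 # allowed, no signature
                Packet(443, b"POST /x EXAMPLE-BAD-PATTERN"),    # allowed port, known-bad
                Packet(3389, b"hello"),                         # no firewall allow rule
                Packet(443, b"pattern-with-no-signature")):     # unknown: IPS passes it
        print(pkt.dst_port, inline_verdict(pkt))
```

The last sample shows the practical consequence of the implicit pass: an IPS only stops what a rule describes, so signature coverage and update cadence are what to audit.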

Proper IPS and IDS monitoring will help you pinpoint the following:

  • Security policy violations, such as systems or users who are running applications against policy
  • Infections, such as viruses or Trojan horses that have partial or full control of internal systems, using them to spread infection and attack other systems
  • Information leakage, such as running spyware and key loggers, as well as accidental information leakage by valid users
  • Configuration errors, such as applications or systems with incorrect security settings or performance-killing network misconfiguration, as well as misconfigured firewalls where the rule set does not match policy
  • Unauthorized clients and servers including network-threatening server applications such as DHCP or DNS service, along with unauthorized applications such as network scanning tools or unsecured remote desktop.

IPS is very good at detecting “drive-by” downloads of malware and fake antivirus scanner web pages, which Auto-Protect cannot prevent. In today’s complex threat environment, this technology is an effective complement to antivirus technology, and its usage should be considered a necessity on any network that is connected to the Internet.

IPS and Servers

IPS is also fully compatible with Windows server operating systems.

Intrusion Defined

Intrusion, as a term defined by IT systems management, covers a lot of ground. It can indicate someone, an intruder, actively trying to break into a network. But can we call a virus infecting a PC an “intrusion”? Is someone who’s performing network reconnaissance an intruder, or merely someone doing “research”?

And, if a malicious actor is ostensibly in the network legitimately – like an employee or guest – when do their actions become legitimate intrusions? The better IPS will know, and will flag what appears as a malicious intrusion as such and deny passage.

IPS and Unified Threat Management (UTM)

The obvious affinity of firewalls and IPS from a topological point of view has led us to the world of UTM, where an IPS is incorporated into the firewall. UTMs let you combine both security services (blocking security threats, allowing known good traffic) in a single device. We’ll talk about the ultimate in compression of IPS and firewall, the UTM (Unified Threat Management) firewall, later.

The main reason to have an IPS is to block known attacks across a network. When there is a time window between when an exploit is announced and when you have the time or opportunity to patch your systems, an IPS is an excellent way to quickly block known attacks, especially those using a common or well-known exploit tool.

Of course, IPSes can provide other services. As product vendors search to differentiate themselves, IPSes have become rate-limiting tools (which is also helpful in Denial of Service mitigation), policy enforcement tools, data leak protection tools, and behavior anomaly detection tools. In every case, though, the key function of the IPS is a control function.

Get Better Intrusion Prevention Solutions Now!

To get the network protection assurance you require, give LAN Infotech a call at (954) 717-1990 or send us an email at sales@laninfotech.com to get started. With our intrusion prevention on your firewall you can say goodbye to worry about cyberthreats, intrusions, and malicious actors – both internal and external!