Page 70 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information  Security and Privacy




Others are derived from firewall products, such as Juniper's SSG or Cisco's Adaptive Security Appliances (ASA), and still others were built from the ground up as UTM appliances, such as those from Fortinet or Astaro. The main feature of a UTM is that it includes multiple security features on one appliance; IPS is merely one of them.

Access control is also an entirely different security concept. Access control refers to general rules allowing hosts, users or applications access to specific parts of a network. Typically, access control helps organizations segment networks and limit access.

                                   While an IPS has the ability to block access to users, hosts or applications, it does so only when
                                   malicious code has been discovered. As such, IPS does not necessarily serve as an access control
                                   device. While it has some access control abilities, firewalls and Network Access Control (NAC)
                                   technologies are better suited to provide these features.
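The following worked example is added here and is not part of the textbook. It models the distinction just described: an access-control rule base decides only on who is talking to what (source host, destination segment, application), while an IPS decides only on what is inside the traffic. All addresses, segments, rules and signatures are constructed sample values, and the two-stage pipeline in inline_decision is a simplification of how a firewall and an inline IPS are usually chained.

```python
"""Added illustration (not from the textbook) of why an IPS is not an
access-control device. An access-control rule base decides purely on who is
talking to what (source host, destination segment, application); an IPS
decides on what is inside the traffic. Every address, segment, rule and
signature below is a constructed sample value."""
from dataclasses import dataclass
import ipaddress
import re
from typing import Optional


@dataclass
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    app: str      # application name, e.g. "http" or "ssh"
    payload: str  # application-layer content


# Constructed network segments.
SEGMENTS = {
    "finance": ipaddress.ip_network("10.10.0.0/24"),
    "corp": ipaddress.ip_network("10.20.0.0/16"),
}

# Access-control rules as (source network, destination segment, app, verdict).
# First match wins; anything unmatched is denied (default deny).
ACL = [
    (ipaddress.ip_network("10.10.0.0/24"), "finance", "*", "allow"),
    (ipaddress.ip_network("10.20.0.0/16"), "corp", "*", "allow"),
    (ipaddress.ip_network("10.20.0.0/16"), "finance", "http", "allow"),
]

# Constructed content signatures standing in for an IPS signature set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "shell-metachar": re.compile(r"[;&|`]\s*\w+"),
}


def segment_of(ip: str) -> Optional[str]:
    """Name of the segment an address belongs to, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def access_control(pkt: Packet) -> str:
    """Allow or deny purely on source, destination segment and application.
    The payload is never inspected: this is segmentation, not threat detection."""
    src = ipaddress.ip_address(pkt.src)
    dst_seg = segment_of(pkt.dst)
    for net, seg, app, verdict in ACL:
        if src in net and seg == dst_seg and (app == "*" or app == pkt.app):
            return verdict
    return "deny"


def intrusion_prevention(pkt: Packet) -> str:
    """Drop only when a signature matches the content; otherwise pass.
    Nothing here says whether src should be allowed to reach dst at all."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(pkt.payload):
            return "drop:" + name
    return "pass"


def inline_decision(pkt: Packet) -> str:
    """Order used on the wire: the firewall/ACL decides first, the IPS then
    inspects only what was allowed through."""
    if access_control(pkt) != "allow":
        return "denied-by-acl"
    return intrusion_prevention(pkt)


if __name__ == "__main__":
    samples = [
        # corp host -> finance over ssh: no rule permits it, and the IPS alone would pass it
        Packet("10.20.5.7", "10.10.0.9", "ssh", "SSH-2.0-OpenSSH"),
        # corp host -> finance over http: permitted, content clean
        Packet("10.20.5.7", "10.10.0.9", "http", "GET /reports HTTP/1.1"),
        # finance host -> finance: permitted by the ACL, stopped by the IPS
        Packet("10.10.0.4", "10.10.0.9", "http", "GET /../../etc/passwd"),
    ]
    for p in samples:
        print(p.src, "->", p.dst, p.app, "| acl:", access_control(p),
              "| ips:", intrusion_prevention(p), "| inline:", inline_decision(p))
```

The first sample is the point of the passage: the IPS verdict on its own is "pass" because nothing in the content is malicious, and it is the access-control layer that stops the unauthorized host.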

Figure 5.2: Intrusion Prevention System
Did you know? The term "Intrusion Prevention System" was coined by Andrew Plato, who was a technical writer and consultant for NetworkICE.

5.6.1 Types of Intrusion Prevention System

Host-based IPS (HIPS)


A host-based IPS is one where the intrusion-prevention application is resident on that specific IP address, usually on a single computer. HIPS complements traditional fingerprint-based and heuristic anti-virus detection methods, since it does not need continuous updates to stay ahead of new malware. Because malicious code needs to modify the system or other software residing on the machine to achieve its aims, a comprehensive HIPS will notice some of the resulting changes and either prevent the action by default or notify the user and ask for permission.

Extensive use of system resources can be a drawback of existing HIPS products, which integrate a firewall, system-level action control and sandboxing into a coordinated detection net, on top of a traditional AV product.
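The following worked example is added here and is not part of the textbook. It shows, in miniature, the HIPS behaviour described above: protected files get a known-good content digest, writes to them pass through a mediation point that blocks by default or asks the user for permission, and an integrity sweep notices changes that slipped past that point. No signatures of known malware are involved, which is why such a monitor does not need updates to react to new code. The file names, contents and policy table are constructed for the example, and guarded_write stands in for the kernel-level hook a real HIPS would use.

```python
"""Added illustration (not from the textbook) of the HIPS behaviour described
above. Protected files get a known-good digest; writes to them go through a
mediation point that blocks by default or asks the user, and an integrity
sweep notices changes that slipped past it. File names, contents and the
policy table are constructed for this example."""
import hashlib
import os
import tempfile
from typing import Callable, Dict, List, Tuple


def file_digest(path: str) -> str:
    """SHA-256 of a file's content. A content hash is used rather than a
    timestamp so that a backdated edit is still noticed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(paths: List[str]) -> Dict[str, str]:
    """Record the known-good digest of every protected file."""
    return {p: file_digest(p) for p in paths}


def guarded_write(path: str, data: bytes, baseline: Dict[str, str],
                  policy: Dict[str, str],
                  ask: Callable[[str], bool] = lambda p: False) -> str:
    """Mediation point for writes (stand-in for a real HIPS hook).
    Unprotected paths pass straight through. A protected path is written only
    if the content is unchanged, the policy says 'allow', or the policy says
    'prompt' and the user approves; anything else is blocked by default."""
    new_digest = hashlib.sha256(data).hexdigest()
    if path not in baseline:
        with open(path, "wb") as f:
            f.write(data)
        return "allowed:unprotected"
    if new_digest == baseline[path]:
        with open(path, "wb") as f:
            f.write(data)
        return "allowed:unchanged"
    action = policy.get(path, "block")
    if action == "allow" or (action == "prompt" and ask(path)):
        with open(path, "wb") as f:
            f.write(data)
        baseline[path] = new_digest   # approved content becomes the new known-good state
        return "allowed:" + ("policy" if action == "allow" else "user-approved")
    return "blocked"


def detect_changes(baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Integrity sweep for changes that bypassed guarded_write.
    Returns (path, kind) pairs with kind 'modified' or 'deleted'."""
    changes = []
    for path, known in baseline.items():
        if not os.path.exists(path):
            changes.append((path, "deleted"))
        elif file_digest(path) != known:
            changes.append((path, "modified"))
    return changes


def demo() -> Dict[str, object]:
    """Run the scenario in a throwaway directory and return every verdict."""
    results: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as d:
        hosts = os.path.join(d, "hosts")       # constructed stand-in for a system file
        notes = os.path.join(d, "notes.txt")   # constructed unprotected user file
        with open(hosts, "wb") as f:
            f.write(b"127.0.0.1 localhost\n")
        with open(notes, "wb") as f:
            f.write(b"todo\n")
        baseline = take_baseline([hosts])
        policy: Dict[str, str] = {}            # nothing configured: protected paths default to block

        results["unprotected"] = guarded_write(notes, b"todo: lunch\n", baseline, policy)
        results["unchanged"] = guarded_write(hosts, b"127.0.0.1 localhost\n", baseline, policy)
        results["tamper"] = guarded_write(hosts, b"127.0.0.1 localhost\n0.0.0.0 example.test\n",
                                          baseline, policy)
        results["intact_after_block"] = file_digest(hosts) == baseline[hosts]

        # A write that did not go through the hook is still caught by the sweep.
        with open(hosts, "ab") as f:
            f.write(b"# appended behind the monitor's back\n")
        results["sweep"] = [kind for _, kind in detect_changes(baseline)]

        # With a 'prompt' policy and an approving user the change is accepted
        # and becomes the new baseline, so the following sweep is clean.
        policy[hosts] = "prompt"
        results["approved"] = guarded_write(hosts, b"127.0.0.1 localhost\n::1 localhost\n",
                                            baseline, policy, ask=lambda p: True)
        results["sweep_after_approval"] = [kind for _, kind in detect_changes(baseline)]
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

The "intact_after_block" result is the property the text attributes to a HIPS: the protected file is unchanged after the blocked write, without the monitor knowing anything about what tried to write it. The digest computation over every protected file on each sweep is also a small-scale instance of the resource cost the paragraph mentions.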






          64                                LOVELY PROFESSIONAL UNIVERSITY