04/10/23 Prepared by Allen Galvan 1
Intrusion Prevention Systems (IPS)
Allen Galvan
Introduction
• We will try to answer some basic questions so that we might better understand how Intrusion Prevention Systems fit into a comprehensive Network Security Program.
IPS History
What is an IDS?
• There are two types of IDSs:
  – Host Intrusion Detection Systems (HIDS)
    • Software on hosts protects hosts:
      – Router
      – Switch
      – Network Appliance
  – Network Intrusion Detection Systems (NIDS)
    • Monitor network traffic against predefined Signatures.
What is an IPS?
• An IPS is the Next Generation of the IDS.
– An IDS Reacts and Stops an Attack.
– On the other hand, an IPS Detects, Identifies, & Proactively Stops Unauthorized Anomalies or Malicious Attacks.
We will Analyze two IPSs
• We will look at two IPSs:
– Cisco 4255
– TippingPoint 5000E
How does Cisco 4255 IPS Work? Part I
• The Cisco 4255 IPS has 3 Components:
– Risk Rating Component
– Meta-Event Generator Component
– Multivector Threat Identification Component
How does Cisco 4255 IPS Work? Part II
• Risk Rating Component
  – Signature Analysis
  – Asset Value
  – Attack Relevance
• Meta-Event Generator Component
  – Unique correlation of events to stop attacks.
How does Cisco 4255 IPS Work? Part III
• Lastly, Multivector Threat Identification Component:
– Malware Protection (Trend Micro)
– Rate Limiting
– Stateful Pattern Recognition
– Traffic / Protocol Analysis Detection
– Custom Policies
How does TippingPoint 5000E Work?
• Threat Suppression Engine (TSE)
– Monitors Packets
– Parallel Processing @ Gbps backplane speeds assures High Network Performance
Cisco & TippingPoint IPS Similarities & Differences
Cisco 4255 & TippingPoint 5000E Comparison Part I
• Both work @ Gigabit Speeds.
• Both provide Inline Protection.
• Both provide Stateful Packet Inspection.
Cisco 4255 & TippingPoint 5000E Comparison Part II
• Cisco has a partnership with TrendMicro to protect against viruses & worms.
• Cisco uses:
  – Risk Rating
  – Multivector Threat Identification
• TippingPoint protects the network using the Threat Suppression Engine.
Cisco Advantages
Cisco IPS 4255 Benefits - I
• Cisco provides increased Network Availability & Performance of Mission Critical Business Applications.
• Cisco Mitigates Risk Management of Legal Liabilities.
Cisco IPS 4255 Benefits - II
• Cisco Protects Trade Secrets & Proprietary Information.
• Cisco provides Comprehensive Policy Enforcement.
In Conclusion
Network Security is an Ongoing Process!
• An Intrusion Prevention System is one important part of a Network Security Program.
• The Cisco IPS 4255 System is a more comprehensive Network Security Solution than the TippingPoint 5000E IPS.