
Guide to Network Intrusion Prevention Systems

NetworkWorld

Tuesday, May 13, 2008 12:00 PM PDT

15 questions to ask about IPS before you buy one


Performance and management are key differentiators

By Joel Snyder

IPSs block traffic using three different methods: signatures, rate control and traffic behavior. Determine which of these methods matters for your network and, when in doubt, get an IPS that does all three.
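To make the three methods concrete, here is an added example (not code from the article or from any IPS vendor) of a toy inline inspector that runs all three checks over a constructed packet stream: a regex signature for known-bad payloads, a sliding-window rate limiter per source and destination port, and a behavior model that learns each host's normal destination ports and flags a burst of never-seen ports as a scan. The signatures, thresholds, addresses and traffic are all constructed for illustration. The `mode` switch shows the block-versus-alert choice raised in questions 10 and 11 below.

```python
"""Toy inline inspector showing the three IPS blocking methods from the
article: signatures, rate control and traffic behavior. Constructed
teaching example; no vendor code, no real signature set."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float        # arrival time in seconds
    src: str
    dport: int
    payload: bytes


# 1. Signature method: patterns for known-bad content (constructed examples,
#    not a real ruleset). Cheap and precise, but only catches what it knows.
SIGNATURES = {
    "SQLI-UNION-SELECT": re.compile(rb"(?i)union\s+(all\s+)?select"),
    "NOP-SLED": re.compile(rb"\x90{16,}"),
}


class RateController:
    """2. Rate control: block a source that exceeds `limit` packets to one
    destination port inside a sliding `window` (seconds), e.g. a SYN flood."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hist = defaultdict(deque)

    def over_limit(self, pkt):
        q = self.hist[(pkt.src, pkt.dport)]
        q.append(pkt.ts)
        while pkt.ts - q[0] > self.window:   # drop timestamps outside the window
            q.popleft()
        return len(q) > self.limit


class BehaviorModel:
    """3. Traffic behavior: learn which destination ports each host normally
    uses until `learn_until`; afterwards a host touching `threshold` or more
    never-seen ports is treated as scanning. Needs no signature, but the
    quality of the baseline decides the false-positive rate (question 7)."""

    def __init__(self, learn_until, threshold):
        self.learn_until, self.threshold = learn_until, threshold
        self.baseline = defaultdict(set)
        self.novel = defaultdict(set)

    def anomalous(self, pkt):
        if pkt.ts < self.learn_until:
            self.baseline[pkt.src].add(pkt.dport)
            return False
        if pkt.dport not in self.baseline[pkt.src]:
            self.novel[pkt.src].add(pkt.dport)
        return len(self.novel[pkt.src]) >= self.threshold


class InlineIPS:
    """Runs the three checks in order; first hit wins. mode="block" drops on
    a hit, mode="alert" forwards the packet and only raises an alert."""

    def __init__(self, rate, behavior, mode="block"):
        self.rate, self.behavior, self.mode = rate, behavior, mode

    def inspect(self, pkt):
        hit = None
        for name, rx in SIGNATURES.items():
            if rx.search(pkt.payload):
                hit = ("signature", name)
                break
        if hit is None and self.rate.over_limit(pkt):
            hit = ("rate", f"{pkt.src}->:{pkt.dport}")
        if hit is None and self.behavior.anomalous(pkt):
            hit = ("behavior", f"port scan from {pkt.src}")
        if hit is None:
            return ("pass", None, None)
        return ("block" if self.mode == "block" else "alert", hit[0], hit[1])


def sample_traffic():
    """Constructed packet stream: a learning phase, one SQL-injection payload,
    a 25-packet burst to port 80 and a six-port scan (hypothetical addresses)."""
    pkts = [Packet(float(t), "10.0.0.5", 80 if t % 2 else 443, b"GET / HTTP/1.1")
            for t in range(10)]
    pkts.append(Packet(10.0, "10.0.0.5", 80,
                       b"GET /item?id=1 UNION SELECT user,pass FROM users"))
    pkts += [Packet(11.0 + i * 0.01, "10.0.0.7", 80, b"") for i in range(25)]
    pkts += [Packet(12.0 + i, "10.0.0.5", p, b"")
             for i, p in enumerate([22, 23, 25, 135, 139, 445])]
    return pkts


def summarize(ips, packets):
    """Count verdicts by the method that fired; 'pass' for clean packets."""
    counts = defaultdict(int)
    for pkt in packets:
        _action, method, _detail = ips.inspect(pkt)
        counts[method or "pass"] += 1
    return dict(counts)


if __name__ == "__main__":
    ips = InlineIPS(RateController(limit=20, window=1.0),
                    BehaviorModel(learn_until=10.0, threshold=5))
    print(summarize(ips, sample_traffic()))
    # -> {'pass': 34, 'signature': 1, 'rate': 5, 'behavior': 2}
```

Note what each method misses: the signature check catches the injection but knows nothing about the flood, the rate limiter catches the flood only once it passes the threshold (the first 20 packets go through), and the behavior model flags the scan only after five new ports, and only because the learning phase gave it a clean baseline. Tuning those two thresholds is exactly the false-positive versus missed-attack trade-off of question 7.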

Key questions to ask:

1. Does the device come with a dual power supply? Because an IPS sits inline, a power loss takes down the link it protects, not just the inspection, so you want to make sure it stays up and running.

2. What are the failover options? Deploying a single IPS means you're setting up a situation in which you have a single point of failure in your security perimeter.

3. How many concurrent sessions can the device handle? The IPS system needs to be able to scale to meet peak demand.

4. How many signatures does the signature-based IPS have? A larger, current signature set gives broader coverage, but the raw count is not a quality metric: ask how often signatures are updated and how well they are tuned, since a bloated set mainly adds false positives and processing load.

5. Is the IPS bidirectional? You want the IPS to be looking at both inbound and outbound traffic, particularly for situations in which hackers try to take over a host machine on your network and use it as a zombie to send out massive amounts of spam, for example.

6. Does the IPS inspect packets at Layers 2-7? Some IPS devices can inspect packets only through Layer 4; others can look at traffic all the way up to Layer 7. An attack carried in the application payload is invisible to a device that stops at Layer 4.

7. How easy is configuration? Configuration is a huge issue with IPS devices: you need to tune the device so that it neither becomes a source of false positives nor lets malicious traffic through.

8. Does the IPS process traffic at wire speed? IPS vendors claim wire-speed throughput, but real-world throughput is typically much lower. Be sure to test throughput on your network.

9. What is the latency? Particularly with VoIP traffic and video, you need to make sure that latency doesn't become an issue.

10. What types of alerts does the IPS issue? Many customers simply don't trust a device to take remedial action on its own and would rather receive an alert before responding to an attack. Customers need to decide how they want the device to respond to various types of attacks.

11. What specific actions does the IPS take when an intrusion occurs? Again, you may want the IPS to simply block the attack, or you may want it to block the attack and notify you immediately. You may want it to perform forensics and to issue reports on an attack, as well.

12. What type of management system does the IPS have? Especially if you have multiple devices, you want a management system that allows you to perform updates, fine tune the settings and get reports efficiently.

13. What does the dashboard look like? Is it intuitive and easy to use?

14. What type of forensics can the device perform? You want an IPS that can analyze attacks and point out vulnerabilities in your network defenses.

15. What type of reports can the device deliver? You want reports that are succinct and provide high-level intelligence in terms of significant security events on your network.
