FW v/s IPS

Answered Question
Oct 20th, 2008

Hi, we have installed an ASA 5505 on our production site, but the ASA 5505 does not support the IPS feature. May I know why we need to have the IPS feature, as we can manage all incoming and outgoing traffic via the firewall? Can you please show the difference in terms of layers: which type of layer traffic does IPS support, and which does the FW? Thanks

Farrukh Haroon Mon, 10/20/2008 - 10:59

Dear Ray

Consider the firewall as a boundary wall/fence and the IPS as the security guard/dog/camera at the door.

The ideal solution would be to have a building with no doors and windows; this would be the most secure. This is like a network without any ports open. But the reality is that we have to make doors and windows. In the same way we have to open some ports like http, https, smtp etc. on almost every network.

So this is where the IPS kicks in: just like the security camera 'looks' for any intrusions, or just how that black ugly dog can smell things, the IPS looks for intrusions as they come along those 'open' doors or ports. This could be some protocol anomaly, or it could be some non-RFC behaviour of the protocol, it could be a flood, a DoS attack, a worm, a virus etc.

Regards

Farrukh

ray_stone Mon, 10/20/2008 - 11:07

Hi Farrukh, I knew this difference. I just wanted to know which layer's traffic IPS supports, and which layer the FW supports, in terms of filtering by blocking or permitting.

Correct Answer
Farrukh Haroon Mon, 10/20/2008 - 11:20

This all depends on the firewall. Nowadays most commercial firewalls offer some level of 'deep packet inspection' (marketing term). So both IPS and firewalls now go all the way up to layer 7. However, the coverage offered by firewalls is usually just basic anomalies and attacks. And usually enabling these features reduces the firewall performance very drastically, sometimes even reaching 10 times less than the regular performance (throughput, connections per second etc.).

Regards

Farrukh
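To make the layer distinction in the answer above concrete, here is an added example that is not part of the thread and not Cisco or ASA code: a minimal L3/L4 rule set of the kind a firewall applies (protocol and port only), followed by an L7 inspection step of the kind an IPS applies on the ports the firewall has to leave open (here, HTTP on port 80). The rules, the HTTP checks and the packets are all constructed for this illustration; the packets are modelled as plain records rather than parsed from the wire.

```python
"""Added illustration (not from the thread): the same packets evaluated by an
L3/L4 firewall rule set and then by an L7 inspection step of the kind an IPS
performs on the ports the firewall must leave open.

Rules, anomaly checks and sample packets are constructed for the example."""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes  # application-layer bytes of the segment


# L3/L4 rules, evaluated first-match like an ACL: (action, proto, dport).
# A dport of None and a proto of "any" are wildcards.
FW_RULES = [
    ("permit", "tcp", 80),
    ("permit", "tcp", 443),
    ("permit", "tcp", 25),
    ("deny", "any", None),
]


def firewall_decision(pkt):
    """Layer 3/4 decision: only protocol and port are consulted, never payload."""
    for action, proto, dport in FW_RULES:
        if proto in ("any", pkt.proto) and dport in (None, pkt.dport):
            return action
    return "deny"


# L7 checks for HTTP: the sort of protocol anomaly an IPS looks for on an
# open port. Thresholds and patterns are example values, not a real signature set.
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"TRACE", b"CONNECT"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
MAX_REQUEST_LINE = 2048


def inspect_http(payload):
    """Return None if the request line looks RFC-conformant, else a reason."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return "malformed request line"          # non-HTTP bytes on port 80
    method, target = m.group(1), m.group(2)
    if method not in HTTP_METHODS:
        return "unknown method %s" % method.decode("ascii", "replace")
    if len(m.group(0)) > MAX_REQUEST_LINE:
        return "oversized request line"          # classic overflow probe shape
    if b"../" in target or b"%2e%2e" in target.lower():
        return "path traversal in target"
    return None


# Inspector per destination port; ports without one are passed through.
INSPECTORS = {80: inspect_http}


def ips_decision(pkt):
    """Layer 7 decision on a packet the firewall already permitted."""
    inspector = INSPECTORS.get(pkt.dport)
    if inspector is None:
        return "permit", None
    reason = inspector(pkt.payload)
    return ("drop", reason) if reason else ("permit", None)


def evaluate(pkt):
    """Run the two stages in order; the IPS only sees what the firewall permits."""
    fw = firewall_decision(pkt)
    if fw != "permit":
        return {"firewall": fw, "ips": "not reached", "reason": None}
    ips, reason = ips_decision(pkt)
    return {"firewall": fw, "ips": ips, "reason": reason}


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", "tcp", 80,
           b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("198.51.100.7", "192.0.2.10", "tcp", 80,
           b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.7", "192.0.2.10", "tcp", 80,
           b"\x00\x01BINARY-NOT-HTTP"),
    Packet("198.51.100.7", "192.0.2.10", "tcp", 80,
           b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\n"),
    Packet("198.51.100.7", "192.0.2.10", "tcp", 23, b"telnet"),
]


if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt.dport, evaluate(pkt))
```

The first four packets all reach port 80 and are identical as far as the firewall's rule set can see; only the payload inspection separates the benign request from the traversal attempt, the non-HTTP bytes and the oversized request line. The telnet packet is dropped at layer 4 and the inspector never runs, which is also why the firewall stage is the cheaper one: it looks at a handful of header fields, while the IPS stage has to parse the application protocol on every permitted packet.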

ray_stone Mon, 10/20/2008 - 11:22

Thanks, Farrukh, for sharing this valuable information. Thanks once again.

Ray
