10-20-2008 09:50 AM - edited 03-10-2019 04:20 AM
Hi, we have installed an ASA 5505 on our production site, but the ASA 5505 does not support the IPS feature. May I know why we need to have the IPS feature, as we can manage all incoming and outgoing traffic via the firewall? Can you please show the difference in terms of layers: which type of layer traffic does the IPS support, and the FW too? Thanks
10-20-2008 11:20 AM
This all depends on the firewall. Nowadays most commercial firewalls offer some level of 'deep packet inspection' (marketing term). So both IPS and firewalls now go all the way up to layer 7. However, the coverage offered by firewalls is usually just basic anomalies and attacks. And usually enabling these features reduces the firewall performance very drastically, sometimes even reaching 10 times less than the regular performance (throughput, connections per second, etc.).
Regards
Farrukh
10-20-2008 10:59 AM
Dear Ray
Consider the firewall as a boundary wall/fence and the IPS as the security guard/dog/camera at the door.
The ideal solution would be to have a building with no doors and windows; this would be the most secure. This is like a network without any ports open. But the reality is that we have to make doors and windows. In the same way, we have to open some ports like http, https, smtp, etc. on almost every network.
So this is where the IPS kicks in: just like the security camera 'looks' for any intrusions, or just how that black ugly dog can smell things, the IPS looks for intrusions as they come along those 'open' doors or ports. This could be some protocol anomaly, or it could be some non-RFC behavior of the protocol; it could be a flood, DoS attack, worm, virus, etc.
Regards
Farrukh
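The layer-7 point in the accepted answer and the 'open ports' analogy above, as an added illustration that is not part of this thread: a stateless port rule that permits anything to port 80, next to a protocol-anomaly check on the same constructed HTTP request. The address, the port rule, the method list and the length threshold are assumptions chosen for the example.

```python
"""Added example (not from the thread): a stateless port ACL versus a
protocol-anomaly check on the same constructed HTTP request."""
from dataclasses import dataclass

# Hypothetical L3/L4 rule, in the spirit of "permit tcp any host <web> eq 80".
PERMITTED_DST = ("10.0.0.5", 80)  # constructed address and port


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


def acl_permits(pkt: Packet) -> bool:
    """Firewall view: decide on addresses and port only; the payload is never read."""
    return (pkt.dst, pkt.dport) == PERMITTED_DST


RFC_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
MAX_REQUEST_LINE = 2048  # constructed threshold for the anomaly check


def ips_findings(pkt: Packet) -> list[str]:
    """IPS view: parse the HTTP request line and report protocol anomalies.
    Returns a list of finding names; an empty list means nothing was seen."""
    findings = []
    line, _, _ = pkt.payload.partition(b"\r\n")
    if len(line) > MAX_REQUEST_LINE:
        findings.append("request-line-too-long")
    parts = line.split(b" ")
    if len(parts) != 3:
        findings.append("malformed-request-line")
        return findings
    method, _target, version = parts
    if method.decode("ascii", "replace") not in RFC_METHODS:
        findings.append("non-rfc-method")
    if not version.startswith(b"HTTP/1."):
        findings.append("unknown-http-version")
    return findings


# Constructed traffic: both packets are bound for the permitted port 80.
NORMAL = Packet("192.0.2.10", "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n")
ANOMALOUS = Packet("192.0.2.10", "10.0.0.5", 80, b"XXXX /" + b"A" * 3000 + b" HTTP/9.9\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in (("normal", NORMAL), ("anomalous", ANOMALOUS)):
        print(name, "acl:", acl_permits(pkt), "ips:", ips_findings(pkt))
```

The port rule passes both packets identically; only the payload parser tells them apart, which is the gap the thread's answers describe.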
10-20-2008 11:07 AM
Hi Farrukh, I knew this difference. I just wanted to know which layer's traffic the IPS supports and which layer the FW supports, in terms of filtering by blocking or permitting.
10-20-2008 11:22 AM
Thanks Farrukh for sharing this valuable information. Thanks once again.
Ray