Hi, these days I am trying to understand IPS and IDS concepts. I just want to know how an IPS device is different from a firewall in terms of traffic blocking. As I know, we can handle the traffic on the ASA FW by using MPF, so why do we require an IPS? Thanks
The [firewall and IPS] products are converging, but generally an IPS is better at deep packet inspection and a firewall is better at pretty much everything else (they've been around a long time and are more mature).
Specifically to the ASA, an ASA without the AIP-SSM (the IPS module) has deep packet inspection capabilities, but doesn't have thousands of built-in signatures, with new ones added as new vulnerabilities surface. It doesn't by default protect you from most application layer attacks.
For example, here's how you can configure the ASA to defend against the "Microsoft Snapshot Viewer ActiveX Control Arbitrary File Upload Vulnerability".