IDS and IPS systems

Tuesday 10 November 2009

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) should be an important part of the security services you use when running a secure, mission-critical site. There is a subtle but important difference between the two which can dramatically affect your choice of which one to use. In our examples we will discuss the widely used open source application Snort, which is capable of both methods.

With an IDS, your system will detect any suspicious internet traffic going to your site or servers. The software can run on its own machine, either in front of your web server or beside it on the network, or be installed on the same machine as the web server. If you have a small number of sites this can be very effective, as it will report all traffic that could be suspicious and allow you to investigate further and, if need be, plug any security gaps within your code or server software. The main disadvantage is that an IDS will not actually stop an attack from happening, so in some instances, by the time you have checked the reports and repaired the problem, the damage has already been done.

Setting up an IPS is a little more intrusive. To be fully effective it needs to sit in front of the server on its own separate machine (usually as a network bridge). It will then block and report any traffic which looks dangerous and prevent it reaching the server. This is an excellent way to secure your server and web site(s) from attack; however, it can prevent genuine sites working if you receive a “false positive”. It also adds a point of failure to your system: if it crashes or needs to restart, it can take down your websites with it. CWCS would always recommend this method despite the drawbacks, though, as it offers a much more rounded and secure option.
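
The difference described above, shown as an added example that is not part of the original post: the same Snort 2.9-style signature written once for IDS use and once for IPS use. The signature content, SIDs, interface names and config path are constructed for illustration.

```snort
# Constructed local rules (Snort 2.9-style syntax). SIDs from 1000000 upward are
# the range reserved for local rules. $EXTERNAL_NET, $HTTP_SERVERS and
# $HTTP_PORTS are the variables normally defined in snort.conf.

# IDS (passive): matching traffic is reported, and still reaches the web server.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL /etc/passwd requested in URI"; flow:to_server,established; content:"/etc/passwd"; http_uri; nocase; classtype:web-application-attack; sid:1000001; rev:1;)

# IPS (inline): same signature, but the "drop" action discards the packet and
# reports it, so the request never reaches the web server.
drop tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL /etc/passwd requested in URI"; flow:to_server,established; content:"/etc/passwd"; http_uri; nocase; classtype:web-application-attack; sid:1000002; rev:1;)

# "drop" can only block when Snort is in the traffic path, for example bridging
# two interfaces in inline mode (interface names and path are assumptions):
#   snort -Q --daq afpacket -i eth0:eth1 -c /etc/snort/snort.conf
#
# False-positive case: a genuine request such as
#   GET /kb/search?q=/etc/passwd+permissions
# also contains the matched string. Under the alert rule it produces a report
# to review; under the drop rule the visitor's request is blocked.
```

A common rollout is to run a new signature as `alert` first, review what it matches on real traffic, and only then switch it to `drop`.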
