Wednesday, December 20, 2006

Do I Need IPS at Home?

This is a question I’ve been asked by several of your more savvy Internet users.

IPS looks deep into a network packet to see if an attack is being attempted against your network. IPS works by comparing inbound and outbound traffic on your network to a list of known attacks; the entries in this list are called signatures. If a match is found, IPS can drop the traffic before it does damage to your network devices.

Let’s start this discussion with an absolute. First things first: I’m assuming you have a firewall. If not, you’re crazy!!! The chances of you already being compromised are somewhere between 99% and 99.999%, and you are asking the wrong question.

So... let’s change the question: I have a firewall in place; do I need IPS?

Ahhh. Much better. The answer is: if you are hosting a web server, an FTP server, or any other type of Internet service, then you are letting unprotected traffic into your network, and you should have an IPS device to help ensure the security of your device and data. In addition, you should have antivirus protection, not only because it’s a great best practice for a home user but also because email viruses are often encrypted and can therefore evade IPS. IPS does not work against encrypted traffic.
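The signature matching described above, and its blind spot for encrypted traffic, as an added example (not code from the original post or from any IPS product). The two signatures, the sample packets and the XOR keystream standing in for real encryption are all constructed for illustration.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Signature:
    sid: int              # constructed rule id
    name: str
    pattern: "re.Pattern"

# Constructed signatures; a real IPS ships thousands and updates them regularly.
SIGNATURES = [
    Signature(1001, "directory traversal in HTTP request", re.compile(rb"\.\./\.\./")),
    Signature(1002, "FTP login as root", re.compile(rb"^USER root\r\n", re.M)),
]

def inspect(payload: bytes) -> Tuple[str, Optional[int]]:
    """Return ("drop", sid) on the first matching signature, else ("forward", None)."""
    for sig in SIGNATURES:
        if sig.pattern.search(payload):
            return "drop", sig.sid
    return "forward", None

def toy_encrypt(payload: bytes, key: bytes) -> bytes:
    """Toy XOR keystream standing in for real encryption; NOT real cryptography.
    XOR is symmetric, so calling it again with the same key decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(payload):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(payload, stream))

# Constructed sample traffic.
KEY = b"session-key"
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
ATTACK = b"GET /../../../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"
ENCRYPTED_ATTACK = toy_encrypt(ATTACK, KEY)

if __name__ == "__main__":
    for label, pkt in [("benign", BENIGN), ("attack", ATTACK),
                       ("encrypted attack", ENCRYPTED_ATTACK)]:
        print(f"{label:17s} -> {inspect(pkt)}")
    # Only the endpoint holding the key sees the plaintext again.
    print("decrypted on host ->", inspect(toy_encrypt(ENCRYPTED_ATTACK, KEY)))
```

The same payload that is dropped in the clear is forwarded once encrypted, and matches again only after decryption on the receiving host, which is where antivirus does its inspection.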

If you are not hosting a web server or something similar, then your firewall should at a minimum be doing two things:
- Allowing your outbound traffic and the corresponding return traffic
- Blocking any inbound traffic sourced from the Internet

Again, regardless of whether you are hosting a web server, antivirus is highly recommended.

2 comments:

Rich A. said...

Greg,
What can the slightly advanced home user expect to pay for an IPS device? Are there "consumer" level devices that won't break the bank? Is there such a thing as software IPS systems that can be loaded on each host on the network that will work in a similar fashion to anti-virus software? What about Internet Security Suites such as Norton Internet Security? On the box it says it will protect against hackers. Is that adequate protection for a basic web or FTP server?

Greg Abelar said...

Yep. Norton ISS is a good option. It won't break the bank and it includes IPS protection. Be sure you get a contract for IPS updates or any newly discovered threats can easily exploit your home server. Below is a feature list of the Norton product.

+ Automatically detects and blocks viruses, spyware, and worms
+ Advanced phishing protection identifies and blocks fraudulent websites
+ Rootkit Protection finds and removes hidden threats in the operating system
+ Smart firewall blocks hackers and stops spyware transmitting unauthorized information
+ Intrusion Prevention automatically shields newly discovered security vulnerabilities
+ Network protection configures security settings when logged on at home, or on public networks
+ Full System Scan performs a deep scan to remove existing viruses, spyware and other threats
+ Norton Protection Center provides a central place to easily check overall security settings
+ Includes protection updates and new product features as available throughout the renewable service period

If you have a Linux system, a freeware program called SNORT has been around for a long time and provides excellent protection.