Advantages and dis-advantages of IPS/IDS - Essay Example

Advantages and Disadvantages of IPS/IDS Introduction: IDS or Intrusion Detection System is a system that enables detection of wrong, erroneous, or abnormal activity. It is generally used to detect whether a computer system has been intruded in any unauthorized manner or not. An IPS or Intrusion Prevention System is enables dynamically dropping data packets or cut off unauthorized connections. The present study focuses on the advantages and disadvantages of IPS/IDS.Advantages of Using an Integrated CISCO IPS/IDS Solution:Although snort performs detection and prevention of abnormal activities within a system, yet the benefits of Cisco IDS/IPS are more.

This is because the wireless and the network features of IDS/IPS of the Cisco WLC and Cisco IPS platforms respectively are major constituents of an integrated, in-depth defensive means to security of WLAN. It performs harmonizing and mutual roles in detection of threats and improvement on a WLAN. Secondly, the corresponding roles of wireless and network IDS/IPS facilitate the similar principles and strategies of threat recognition and alleviation engaged on a wired network that might be extended to a WLAN.

Disadvantages of Using an Integrated CISCO IPS/IDS Solution:The disadvantages in regard to the integrated use of IPS/IDS solution arise primarily from the increasing risks and threats of security making the challenges severe day by day with malware being capable of distantly taking advantage of vulnerabilities in the systems. Moreover, additional capabilities of an organization might be required in order to make the best use of this solution. Difference between Inline Mode and Promiscuous Mode:The differences between inline mode and promiscuous mode may be understood as follows.

A sensor that has its operations in inline mode has the option to drop the data packet that activates a signature before reaching the target destination. Contrary to this, a sensor operating in promiscuous mode cannot perform this act. Secondly, operation in inline mode offers higher security from Internet issues as compared to promiscuous operating mode. Thirdly, inline mode operation gives further protection from atomic attacks than what can be achieved by promiscuous mode.Best Practice to Consider in Regard to Signature Updates:For the purpose of utmost protection, the best practice that is considered is to keep the IDS/IPS signatures up-to-date.

If this is not done, several harmful malwares may be capable of affecting the systems since there are variants available. Organizations are hence required to be careful and take the necessary steps in this regard to achieve this function. Regular updating of signatures enables a global defensive measure for the protection of systems within an organization.Conclusion:From the above study it can be concluded that as far as the IPS/IDS integration is concerned, there are both advantages and disadvantages of the process.

However, with the rising risks of security of systems, effective measures need to be considered in order to keep the systems away from the attacks of malwares and other harmful security attacks.