Letter: IPS still needs firewall

August 14, 2006

I found the feature on intrusion prevention systems in last month's issue ("Intruding on the bottom line", p30 ) very interesting.

It highlighted a common misconception concerning this key securitytechnology. What users often fail to understand is that an IPS is acomplementary technology to a firewall, not a replacement for it.

Because IPS systems are able to block attacks and provide limitedfirewall functionality, there is a mistaken belief that they can be usedin place of firewalls. But the role of an enterprise firewall is muchbroader than that. Similarly, firewalls do not provide the samefunctionality as IPS devices and cannot necessarily detect and preventattacks that specialist IPS systems can.

One of the reasons why IPS implementations have sometimes failed is thatthe purpose, capabilities and limitations of the technology have notbeen fully understood in advance. This is often seen when an IPSsolution is misguidedly deployed at an internet gateway as a hackerprevention tool. It is also unlikely that an IPS will work successfullywithout human intervention.

An IPS produces significant amounts of information about networkactivity, which requires handling by a powerful management system. Ifthis critical component is missing, an IPS will not be as effective asit can be. Therefore without a good quality firewall in place, an IPSsolution will not fill the gaps.

Paul Brettle, UK and Ireland country manager, Stonesoft.

prestitial ad