Intrusion Detection and Prevention Systems (IDS/IPS)
Intrusion detection and prevention systems (IDS/IPS) are systems that monitor your network and/or system logs in order to identify, log, block and report potential threats or incidents against your network. Some administrators will also use IDS/IPS to identify problems with security policies and strengthen them. Both IDS and IPS are important additions to any organization’s security infrastructure, and often are integral to stopping attackers as they are gathering information about your network and systems.
Both Intrusion Detection and Prevention Systems work by actively monitoring network traffic and/or system logs for suspicious patterns. For example, an unusually high volume of data being directed to an external IP —- maybe one based in a country your organization does not do work in — might trigger an IDS/IPS system alert. Once unusual activity is identified, IDS/IPS will send alerts to a specified contact, such as the system administrator, but the IPS will also integrate firewall-like functions to make active changes to block the suspicious traffic or activity. IDS/IPS contains databases of regularly updated attack signatures and it compares the inbound traffic against to the database. The main function of an IDS product is to warn you of suspicious activity taking place so that necessary follow up action can be taken.
Managed Firewalls Already Include IDS/IPS Capability
The purpose of a firewall is to reduce or eliminate unwanted network communications and allow valid communication to flow freely. It sits in front of your network and the Internet, protecting the network by filtering incoming and outgoing network traffic. Firewalls analyze data such as packet header on protocol type, source address, destination address, source and/or destination ports, and block or drop traffic that does not match preset rules. Firewalls can also filter access to external networks, establish secure VPN connections for hybrid cloud functionality. Newer firewalls, now called Next Generation Firewalls (NGFW), also act as both traditional firewall and deliver IDS/ IPS features.
All SimplerCloud’s managed firewall services include IDS and IPS capabilities, and configuration of IDS/IPS is included under the managed firewall service. For SimplerCloud VM ranges like Simple Cloud, Custom Cloud and Virtual Private Cloud (VPC) plans, customers can install their own IDS/IPS software. They can also request installation, and management of well-known IDS/IPS software such as OSSEC under our Managed IDS/IPS service.
If your server is on the Internet but not within its own private network, you can still deploy firewall-like protection for your server. Host-based Firewalls, such as iptables on Linux or Windows Firewall on Windows, can be set up for Virtual Machine plans that are not within their own VLAN, such as server plans from the Simple and Custom Cloud range. Host-based firewalls can also be installed on individual Virtual Machines (VMs) within Private Clouds. Hybrid and private cloud platforms can deploy shared or as direct firewall in front of private cloud networks in our data center.
More about Managed Firewall services at SimplerCloud.
Managed Intrusion Detection / Prevention System (IDS/IPS) Service
Managed IDS/IPS Service
This is a managed host-based IDS/IPS (Intrusion Detection/Prevention System) service provided by SimplerCloud. The service includes installation of a host-based IDS/IPS agent on your server, which will send system logs and traffic information to our centralized IDS/IPS server. It will detect any suspicious traffic and automatically send email alerts to a designated email address (for example, your system administrators) and at the same time, automatically block the offending source IP from reaching your server.
The Features of Managed IDS/IPS Service:
- Host-based Intrusion Detection System (HIDS): Actively monitors and analyzes data from multiple log data points in a real-time basis, and automatically sends an email alert when suspicious traffic to your server is detected.
- Active Response / IPS Capability: The IPS module responds to any suspicious traffic or attempted attack by automatically block the offending source IP from reaching your server for certain period of time.
- Rootkit and Malware Detection: Detects malicious applications and root-kits by performing process-level and file-level analysis.
- Low Footprint IDS/IPS Agent: Only the IDS/IPS agent will need to be installed on your servelet / server, while the IDS/IPS processing will be done on our centralised IDS/IPS management console. Low foot-print which will not affect your server’s performance.