Here we will talk about basic network security appliances. These appliances keep an eye on the traffic and alerts the administrator is anything wrong is detected. These devices play an important role in achieving network security.
IPS & IDS
Two common security appliances are an IPS and an IDS. IPS stands for Intrusion Prevention System and IDS stands for Intrusion Detection System. An IPS is an active system that sits on the network and intercepts network traffic, analyses and stops anything deemed malicious. Whereas IDS is a passive system; it doesn’t stop network traffic. It sets alerts and sends messages if something happens, but it does not stop anything. IPS and IDS appliances can be behaviour based or signature based, network based or host based. It’s good to have a combination of things for maximum network security.
Vulnerability scanners are tools that allow us to check and audit devices on our network to see if there are any known weaknesses. Two vulnerability scanners are Nessus and Nmap. Nessus scans for known vulnerabilities and provides account and auditing. It is run on a scheduled scan cycle. Nmap conducts scanning to look for open ports and protocols, services running on ports and OS fingerprinting.
Capturing methods are ways of detecting and analysing suspicious activity. Two capturing methods are honey pots and honey nets. A honey pot is an intentionally vulnerable machine in order to lure an attacker and try to goad them into attacking that machine. A honeypot is useful if the prospective attacker does not figure out it is a honeypot. A honey net is an entire network of honey pots. Honey pots are more intricate as well as more convincing at looking at a large enterprise for a would-be attacker.