
IPS vs UTM

Hi everyone,

I just want to check the validity of the information.

A few weeks back, a vendor of a network appliance told me this:

UTM - antispam, antivirus - better for cloud and storage (can't do much with hackers)
IPS - more to prevent hackers, can prevent hackers from hacking the PRI line, etc.

So UTM and IPS are totally different things?

And these two are not firewalls either?

Any help? Thanks.
 
UTM usually provides additional services to firewalls such as antispam, antivirus, antispyware, content filtering on top of a basic firewall system.
IDS looks for suspicious activity such as various attack behaviors and monitors/reports/optionally prevents.

IDS is usually included in basic firewalls, deep IDS is usually included in most UTM packages. So if you have a UTM, most likely it includes IDS.
 
No, IDS is a Detection system, IPS is a Prevention system. Quite often they are on the same device though. An IDS sits "in the firewall" and an IPS sits in front of the firewall blocking it before it even comes in. If you are using something like Untangle or a UTM, they quite often do both.
 
True...IDS is more old type...they've pretty much all evolved to IPS...which is basically IDS that takes action (prevents) instead of just monitoring...yet born more out of marketing/sales types as it evolved and they tried to one-up their sales pitch over older IDS systems. Just..old habit of mine, still label it as IDS...although yes by today's standards it's not really accurate.
 
There is also IDP which is the same as IPS; depending on which manufacturer you are speaking to, they will call their stuff either IDP or IPS.

IDP is (if I'm not mistaken) what Juniper calls an IPS. IDP = Intrusion Detection and Prevention. While IPS (which is the same) stands for Intrusion Prevention System (compared to IDS which stands for Intrusion Detection System). An IDP/IPS is an IDS in blocking mode (or the other way around, an IDP/IPS in allow mode (log only) behaves like an IDS).

Something to watch out for when it comes to IDP/IPS (whatever name you might prefer ;-) is the use of fail-safe and fail-open (even these "features" can be named differently depending on manufacturer).

If fail-safe is enabled then the IDP/IPS will let packets through if all buffers are full (which if you ask me is bad because then it's not an IDP/IPS any longer but rather an IDS (it can detect bad stuff but it will not stop it)). This can happen during some sort of flood (let's say DDoS) or broadcast storm.

Fail-open means that if the power goes down then the IDP/IPS will let packets through (which in my opinion is as bad as above and would also classify the hardware as an IDS rather than an IDP/IPS).

Besides UTM and IPS equipment there is nowadays also NGFW stuff (Next Generation Firewall).

The definition of NGFW is, according to Gartner, based on the definition made by Palo Alto Networks, which in short can be described as UTM with the addition of IPS, SSL (and SSH) decryption, application identification and user identification (and maybe something else I missed).

You can visit NSS Labs to see a list of vendors that, according to NSS, classify as NGFW today.

And in http://hardforum.com/showthread.php?t=1709121 you can see a discussion regarding Palo Alto if you are interested.
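The two points above (log-only mode turns an IPS into an IDS; fail-safe lets traffic bypass inspection once the buffers fill) can be modelled in a few lines. This is an added example, not code from the thread or any vendor; the sensor, its four-packet buffer, the signature strings and the traffic are all constructed stand-ins.

```python
# Constructed toy model of an inline IDS/IPS with a bounded inspection buffer.
# Shows: log-only mode = IDS; fail-safe = uninspected pass-through under load.
from dataclasses import dataclass, field

# Stand-in rule set: substrings that mark a request as an attack (constructed).
SIGNATURES = ("cmd.exe", "/etc/passwd")


@dataclass
class Sensor:
    mode: str = "prevent"       # "prevent" = IPS, "detect" = IDS / log-only
    fail_safe: bool = False     # True: forward uninspected when buffer is full
    buffer_size: int = 4        # packets the engine can inspect per tick
    alerts: list = field(default_factory=list)

    def process_tick(self, packets):
        """Inspect up to buffer_size packets in one tick; return those forwarded."""
        forwarded, inspected = [], 0
        for pkt in packets:
            if inspected >= self.buffer_size:
                # Engine saturated: fail-safe passes the packet blind (no alert,
                # no block); fail-closed drops it, legitimate traffic included.
                if self.fail_safe:
                    forwarded.append(pkt)
                continue
            inspected += 1
            if any(sig in pkt for sig in SIGNATURES):
                self.alerts.append(pkt)
                if self.mode == "prevent":
                    continue                # blocked
            forwarded.append(pkt)
        return forwarded


# Constructed traffic: a quiet tick, then a flood tick with an attack at its end.
TRAFFIC = [
    ["GET /index.html", "GET /cmd.exe?x", "GET /about"],
    ["GET /noise"] * 8 + ["GET /../../etc/passwd"],
]


def run_scenario(mode, fail_safe):
    """Return (attack packets that got through, number of alerts raised)."""
    sensor = Sensor(mode=mode, fail_safe=fail_safe)
    leaked = []
    for tick in TRAFFIC:
        leaked += [p for p in sensor.process_tick(tick) if any(s in p for s in SIGNATURES)]
    return leaked, len(sensor.alerts)


if __name__ == "__main__":
    for cfg in (("prevent", False), ("prevent", True), ("detect", True)):
        print(cfg, run_scenario(*cfg))
```

Fail-closed blocks both attacks but also drops legitimate packets during the flood; fail-safe keeps the site up but lets the second attack through without even an alert, which is the trade-off the post is warning about.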
 