Alexa metrics

Security FAQ: What are IDS & IPS?

21 November 2018 by Jenn Granger

Top ten skills 2016 careersThe world of cybersecurity is under siege every single day. With the number of DDoS attacks and digital criminals on the rise as we speak, it’s important to get to grips with the basics of how to keep your solution secure from those who want to bring you down.

We’re here to help you understand every element of your business’ security and what you can do to help make it even stronger. That’s why we’ve created a special blog series looking in-depth at your site’s security, providing you with everything you need to fight back and not get hacked!

So, without further ado, welcome to our Security FAQ series.

Today, we delve into IDS and IPS: what’s the difference and how can they help add an extra layer of protection to your site?

 

IDS vs. IPS

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are an absolute necessity when setting up a firewall for your business’ website. These systems sit directly behind your firewall analysing and sorting through the traffic that is fired their way and ensuring nothing gets through to mess with your site.

An IDS monitors traffic to your network, looking for suspicious activity such as XSS or SQL injections, and sends you an alert if anything is spotted. IDSs log this traffic if it is sent from a suspicious IP address, alerting you at once so you know something needs to be looked at more closely.

An IPS performs a very similar function. However, while IDS monitors and alerts, IPSs actively reject and block this malicious traffic.

 

Forms of malicious traffic

What is XSS?

XSS – that’s cross-site scripting to you and I – attacks occur when an untrusted data source is allowed to inject its own code into a web application, exploiting a vulnerability in the website’s code.

 

What is an SQL injection?

Similarly to an XSS, an SQL injection – or SQLi – is one of the most common hacking techniques, when hackers place (or inject) samples of malicious code in SQL (Structured Query Language) statements into your webpage, usually using a log-in, ‘enter your username’ page, to try to control your applications database server. Both XSS and SQLi can result in data loss, downtime and reputational damage to your business.

 

How do I maintain my IDS/IPS?

Certain IDSs generate thousands of alerts daily, even though not all of this traffic is suspicious. Therefore, it’s incredibly important to keep your IDS/IPS up to date with the most current signatures, allowing newly discovered malicious attempts, to be instantly blocked. A non-updated IDS/IPS database means that malicious traffic might go undetected and lead to a data breach.

That’s why a managed intrusion detection or prevention system is essential for your business, with a specialist support team on-hand at the click of a button or at the end of the phone. At UKFast, all of our IDS and IPS systems are built into our Threat Monitoring and Threat Response products house using state-of-the-art technology. Our engineers are available to answer your call 24/7/365, meaning that you always get through to a technician who knows your solution inside-out within three rings.

 

UKFast security expert about your solution and how IDS and IPS can help keep your site watertight.

Get Threat Monitoring now