While designing Data Center infrastructure, Network Architects should be well versed of functionality of IPS/IDS (Intrusion Prevention System/Intrusion Detection System) and WAF (Web Application Firewall). In order to protect critical assets in Data Centers, it becomes all important to know how to size, place these systems as per their functionalities and services supported.
A brief on IPS/IDS and WAF is shared below –
An Intrusion Prevention System (IPS) looks for anomalies in network traffic and alerts operation staff that a DoS attack is underway (IDS functionality), and block the traffic (IPS functionality). The main benefit here is the alerting capability though, notifying operations people so they can swing into action and keep services up.
A Web Application Firewall (WAF) , work with web applications almost exclusively.WAFs must understand not just protocol behavior, like HTTP GET, POST, HEAD, etc. but also JavaScript, SQL, HTML, XML, Cookies, etc. Web Application Firewall will filterDDoS traffic before it reaches the applications behind it.
Related – IDS vs IPS in 2020
WAF deployments are focused on web applications traffic, while IPS deployments are typically done at the network level inspecting all packets.
Further comparison between WAF and IPS/IDS is shared in the below table –
PARAMETER | WAF | IPS/IDS |
|---|---|---|
| Abbreviation for | Web Application firewall | Intrusion Prevention System/Intrusion Detection System |
| Functionality | WAFs are designed to protect web applications/servers from web-based attacks that IPSs cannot prevent. | Analyze traffic for signatures or policy violations |
| Placement | Placed before Web facing applications in web facing/DMZ zone of network | Generally on the exit entry points i.e. perimeter of network |
| Inspection of | Sessions | Packets |
| Scope | HTTP/HTTPS applications | Network protocols and network applications |
| Benefits |
|
|
| Works at | Layer 7 | Layer 4-7 |
| Deployment | Explicit reverse proxy , Transparent mode, connected via TAP or through SPAN port | Transparent mode, connected via TAP or through SPAN port |
| Detection Algorithms |
|
|
| SSL Offload functionality | Yes | No |
| Perform Server Load balancing | Yes | No |
| Performs User authentication | Yes | No |
| DDOS protection | At Layer 7 | Yes |
| Functioning | WAF operates at the application layer where HTML, XML, Cookies, Javascript, ActiveX, Client requests, and Server responses function | Analyze traffic for signatures or policy violations |
| Encryption/Decryption | Supported | Not Supported |
| Inspection of | Sessions where HTML, XML, Cookies, Javascript, ActiveX, Client requests, and Server responses work | Systems that analyze traffic for signatures or policy violations |
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)
