HOW IS IPS/IDS DIFFERENT FROM WAF

how-is-ipsids-different-from-waf

While designing Data Center infrastructure, Network Architects should be well versed of functionality of IPS/IDS (Intrusion Prevention System/Intrusion Detection System) and WAF (Web Application Firewall). In order to protect critical assets in Data Centers, it becomes all important to know how to size, place these systems as per their functionalities and services supported.

A brief on IPS/IDS and WAF is shared below –

An Intrusion Prevention System (IPS) looks for anomalies in network traffic and alerts operation staff that a DoS attack is underway (IDS functionality), and block the traffic (IPS functionality). The main benefit here is the alerting capability though, notifying operations people so they can swing into action and keep services up.

Web Application Firewall (WAF) , work with web applications almost exclusively.WAFs must understand not just protocol behavior, like HTTP GET, POST, HEAD, etc. but also JavaScript, SQL, HTML, XML, Cookies, etc. Web Application Firewall will filterDDoS traffic before it reaches the applications behind it.

Related – IDS vs IPS in 2020

WAF deployments are focused on web applications traffic, while IPS deployments are typically done at the network level inspecting all packets.

Further comparison between WAF and IPS/IDS is shared in the below table –

PARAMETER

WAF

IPS/IDS

Abbreviation for Web Application firewall Intrusion Prevention System/Intrusion Detection System
Functionality WAFs are designed to protect web applications/servers from web-based attacks that IPSs cannot prevent. Analyze traffic for signatures or policy violations
Placement Placed before Web facing applications in web facing/DMZ zone of network Generally on the exit entry points i.e. perimeter of network
Inspection of Sessions Packets
Scope HTTP/HTTPS applications Network protocols and network applications
 Benefits
  • Protects Application
  • Looks for malicious logic
  • Enforces logic and behaviour
  • Protects OS and Application
  • Enforces protocols
  • Looks for malicious payloads
Works at Layer 7 Layer 4-7
Deployment Explicit reverse proxy , Transparent mode, connected via TAP or through SPAN port Transparent mode, connected via TAP or through SPAN port
Detection Algorithms
  • Signature based
  • Anomaly detection
  • Heuristics
  • Signature based
  • Protocol based
  • Anomaly detection
  • Heuristics
SSL Offload functionality Yes No
Perform Server Load balancing Yes No
Performs User authentication Yes No
DDOS protection At Layer 7 Yes
Functioning WAF operates at the application layer where HTML, XML, Cookies, Javascript, ActiveX, Client requests, and Server responses function Analyze traffic for signatures or policy violations
Encryption/Decryption Supported Not Supported
Inspection of Sessions where HTML, XML, Cookies, Javascript, ActiveX, Client requests, and Server responses work Systems that analyze traffic for signatures or policy violations

Related Posts

About The Author

Add Comment

Social Media Auto Publish Powered By : XYZScripts.com
Select your currency
USD United States (US) dollar