While designing Data Center infrastructure, Network Architects should be well versed of functionality of IPS/IDS (Intrusion Prevention System/Intrusion Detection System) and WAF (Web Application Firewall). In order to protect critical assets in Data Centers, it becomes all important to know how to size, place these systems as per their functionalities and services supported.
A brief on IPS/IDS and WAF is shared below –
An Intrusion Prevention System (IPS) looks for anomalies in network traffic and alerts operation staff that a DoS attack is underway (IDS functionality), and block the traffic (IPS functionality). The main benefit here is the alerting capability though, notifying operations people so they can swing into action and keep services up.
Related – IDS vs IPS in 2020
WAF deployments are focused on web applications traffic, while IPS deployments are typically done at the network level inspecting all packets.
Further comparison between WAF and IPS/IDS is shared in the below table –
|Abbreviation for||Web Application firewall||Intrusion Prevention System/Intrusion Detection System|
|Functionality||WAFs are designed to protect web applications/servers from web-based attacks that IPSs cannot prevent.||Analyze traffic for signatures or policy violations|
|Placement||Placed before Web facing applications in web facing/DMZ zone of network||Generally on the exit entry points i.e. perimeter of network|
|Scope||HTTP/HTTPS applications||Network protocols and network applications|
|Works at||Layer 7||Layer 4-7|
|Deployment||Explicit reverse proxy , Transparent mode, connected via TAP or through SPAN port||Transparent mode, connected via TAP or through SPAN port|
|SSL Offload functionality||Yes||No|
|Perform Server Load balancing||Yes||No|
|Performs User authentication||Yes||No|
|DDOS protection||At Layer 7||Yes|