Rashmi Bhardwaj | Blog,BUZZ,Security


While designing Data Center infrastructure, Network Architects should be well versed of functionality of IPS/IDS (Intrusion Prevention System/Intrusion Detection System) and WAF (Web Application Firewall). In order to protect critical assets in Data Centers, it becomes all important to know how to size, place these systems as per their functionalities and services supported.

A brief on IPS/IDS and WAF is shared below –

An Intrusion Prevention System (IPS) looks for anomalies in network traffic and alerts operation staff that a DoS attack is underway (IDS functionality), and block the traffic (IPS functionality). The main benefit here is the alerting capability though, notifying operations people so they can swing into action and keep services up.


Web Application Firewall (WAF) , work with web applications almost exclusively.WAFs must understand not just protocol behavior, like HTTP GET, POST, HEAD, etc. but also JavaScript, SQL, HTML, XML, Cookies, etc. Web Application Firewall will filterDDoS traffic before it reaches the applications behind it.

Related – IDS vs IPS in 2020

WAF deployments are focused on web applications traffic, while IPS deployments are typically done at the network level inspecting all packets.

Further comparison between WAF and IPS/IDS is shared in the below table –




Abbreviation forWeb Application firewallIntrusion Prevention System/Intrusion Detection System
FunctionalityWAFs are designed to protect web applications/servers from web-based attacks that IPSs cannot prevent.Analyze traffic for signatures or policy violations
PlacementPlaced before Web facing applications in web facing/DMZ zone of networkGenerally on the exit entry points i.e. perimeter of network
Inspection ofSessionsPackets
ScopeHTTP/HTTPS applicationsNetwork protocols and network applications
  • Protects Application
  • Looks for malicious logic
  • Enforces logic and behaviour
  • Protects OS and Application
  • Enforces protocols
  • Looks for malicious payloads
Works atLayer 7Layer 4-7
DeploymentExplicit reverse proxy , Transparent mode, connected via TAP or through SPAN portTransparent mode, connected via TAP or through SPAN port
Detection Algorithms
  • Signature based
  • Anomaly detection
  • Heuristics
  • Signature based
  • Protocol based
  • Anomaly detection
  • Heuristics
SSL Offload functionalityYesNo
Perform Server Load balancingYesNo
Performs User authenticationYesNo
DDOS protectionAt Layer 7Yes
FunctioningWAF operates at the application layer where HTML, XML, Cookies, Javascript, ActiveX, Client requests, and Server responses functionAnalyze traffic for signatures or policy violations
Encryption/DecryptionSupportedNot Supported
Inspection ofSessions where HTML, XML, Cookies, Javascript, ActiveX, Client requests, and Server responses workSystems that analyze traffic for signatures or policy violations


Leave a Comment

Your email address will not be published. Required fields are marked *

Shopping Cart