Many different types of components make up present-day organizational systems infrastructure. Every hardware device incorporated into the network (firewalls, routers, switches, modems, various types of servers, workstations, mobile devices) has its own security challenges. Each organization must adequately secure each of these components because a network is only as secure as its weakest link. The most secure device is one not connected to a network. However, isolated systems have few uses in today's environments. The reality is that the devices within the infrastructure will most likely be accessible from remote devices in some way. It is important to keep in mind that every access path to the devices within the infrastructure architecture has inherent vulnerabilities.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are software and hardware products designed to address infrastructure security challenges. IDS and IPS devices and applications try to detect attempts at accessing, manipulating, and/or disabling devices within an infrastructure through a network.
IDS devices are mostly passive: they watch packets of data move through the network from a monitoring port, compare the traffic to configured rules, and set off an alert if they detect anything suspicious. An IDS can detect several types of malicious traffic that would pass by a typical firewall, including network attacks against services, data-driven attacks on applications, host-based attacks like unauthorized logins, and malware like viruses, trojans, and worms. Most IDS products use several methods to detect threats: signature-based detection, anomaly-based detection, and stateful protocol analysis.
An IPS is a little more advanced than an IDS and has the ability to stop malicious traffic from attacking the infrastructure. Unlike an IDS, an IPS sits in line with traffic flows on a network, actively shutting down attempted attacks as they’re sent over the wire. It can stop the attack by terminating the network connection or user session originating the attack, by blocking access to the target from the user account, IP address, or other attribute associated with that attacker, or by blocking all access to the targeted host, service, or application.
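The difference between passive alerting and inline blocking can be seen in a small simulation. The following is an added example, not code from ATEM Corp. or any IDS/IPS product: it runs the same constructed traffic through a signature check and a simple anomaly check, once in IDS mode and once in IPS mode. The signatures, the failed-login limit, the sample events, and the function name inspect are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed signatures (illustrative, not taken from any real rule set).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-tautology", re.compile(r"(?i)'\s*or\s+1=1")),
]
FAILED_LOGIN_LIMIT = 3  # assumed baseline: more failures than this per source is anomalous

# Constructed sample traffic: (source IP, payload summary).
EVENTS = [
    ("10.0.0.5", "GET /index.html"),
    ("203.0.113.9", "GET /download?file=../../etc/passwd"),
    ("203.0.113.9", "GET /index.html"),
    ("198.51.100.7", "LOGIN FAILED user=admin"),
    ("198.51.100.7", "LOGIN FAILED user=admin"),
    ("198.51.100.7", "LOGIN FAILED user=admin"),
    ("198.51.100.7", "LOGIN FAILED user=admin"),
    ("198.51.100.7", "GET /index.html"),
]

def inspect(events, mode):
    """Return (alerts, delivered). mode is 'ids' (passive) or 'ips' (inline)."""
    alerts, delivered = [], []
    failures = Counter()
    blocked = set()
    for src, payload in events:
        if mode == "ips" and src in blocked:
            continue  # inline device drops all traffic from a blocked source
        reason = None
        for name, pattern in SIGNATURES:  # signature-based detection
            if pattern.search(payload):
                reason = name
                break
        if reason is None and payload.startswith("LOGIN FAILED"):  # anomaly-based detection
            failures[src] += 1
            if failures[src] > FAILED_LOGIN_LIMIT:
                reason = "excessive-failed-logins"
        if reason:
            alerts.append((src, reason))
            if mode == "ips":
                blocked.add(src)  # block the source IP associated with the alert
                continue          # and drop the offending packet
        delivered.append((src, payload))  # an IDS only alerts; the traffic still arrives
    return alerts, delivered
```

Both modes raise the same two alerts, but in IDS mode every event still reaches its destination, while in IPS mode the offending packets and all later traffic from the blocked sources are dropped.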
ATEM Corp.’s experts can help you uncover the risks with each type of remote access and understand the security concepts and concerns your organization faces while managing its infrastructure.