IDS and IPS FAQs
Is a firewall an IDS or IPS?
Yes. True next-generation firewalls include IDS and IPS functionality, but not every firewall is a next-generation firewall. The roles also differ: a firewall filters and blocks network traffic according to policy, while IDS and IPS detect exploit attempts and either alert on them or block them, depending on configuration. IDS and IPS inspect traffic after the firewall has already filtered it under the configured policy.
How are IDS and IPS implemented?
An Intrusion Detection System (IDS) is responsible for identifying attacks and techniques and is often deployed out of band in a listen-only mode so that it can analyze all traffic and generate intrusion events from suspect or malicious traffic.
An Intrusion Prevention System (IPS) is deployed in the path of traffic so that all traffic must pass through the appliance to continue to its destination. Upon detection of malicious traffic, the IPS breaks the connection and drops the session or traffic.
Can an IPS block traffic?
Yes. An IPS continuously monitors traffic for known exploits and compares it against its existing signatures. When a signature matches, the IPS takes one of three actions: 1) detect and log the traffic, 2) detect and block the traffic, or 3) (the recommended option) detect, log, and block the traffic.
What can an IDS detect?
An IDS detects threats based on patterns of known exploits, malicious behaviors, and attack techniques. An effective IDS also detects evasive techniques attackers use to hide exploits, such as remote procedure call (RPC) fragmentation, HTML padding, and other types of TCP/IP manipulation.
Learn more about what Juniper IDS/IPS can detect and block on our Signatures page.
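The two answers above describe the core of a signature-based sensor: match traffic against signatures, apply a log/block/log-and-block action, and do so on reassembled traffic so that an exploit split across segments is still seen. The following Python is an added illustration of that logic, not Juniper code or the behaviour of any SRX product; the signature names, byte patterns, flow identifiers and segments are all constructed for the example, and the split between an out-of-band (IDS) sensor that can only alert and an inline (IPS) sensor that can drop is modelled with a single flag.

```python
"""Minimal signature-matching sensor in IDS (listen-only) and IPS (inline) modes.

Constructed example: the signatures, patterns and traffic below are invented
for illustration and do not correspond to any real exploit or product rule.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# The three configurable actions from the FAQ.
ACTION_LOG = "log"
ACTION_BLOCK = "block"
ACTION_LOG_AND_BLOCK = "log+block"


@dataclass
class Signature:
    sid: int            # signature id (constructed)
    name: str
    pattern: bytes      # byte sequence searched for in the reassembled stream
    action: str


@dataclass
class Segment:
    flow: str           # flow key, e.g. "client->server:port" (constructed)
    seq: int            # byte offset of this segment within the stream
    payload: bytes


@dataclass
class Verdict:
    flow: str
    sid: Optional[int]  # matched signature id, or None
    action: str         # "pass" or one of the ACTION_* values


# Constructed signatures; the patterns are arbitrary marker strings.
SIGNATURES = [
    Signature(1001, "CONSTRUCTED-rpc-probe", b"RPCPROBE", ACTION_LOG_AND_BLOCK),
    Signature(1002, "CONSTRUCTED-scanner-ua", b"scanner-ua", ACTION_LOG),
]


class InspectionEngine:
    def __init__(self, signatures: List[Signature], inline: bool) -> None:
        self.signatures = signatures
        self.inline = inline          # True: IPS in the path; False: IDS out of band
        self.streams: Dict[str, Dict[int, bytes]] = defaultdict(dict)
        self.log: List[str] = []      # intrusion events
        self.dropped: List[str] = []  # flows an inline sensor dropped

    def _reassemble(self, flow: str) -> bytes:
        """Order buffered segments by offset so split patterns are visible."""
        parts = self.streams[flow]
        return b"".join(parts[seq] for seq in sorted(parts))

    def inspect(self, seg: Segment) -> Verdict:
        self.streams[seg.flow][seg.seq] = seg.payload
        data = self._reassemble(seg.flow)
        for sig in self.signatures:
            if sig.pattern in data:
                return self._apply(seg.flow, sig)
        return Verdict(seg.flow, None, "pass")

    def _apply(self, flow: str, sig: Signature) -> Verdict:
        if sig.action in (ACTION_LOG, ACTION_LOG_AND_BLOCK):
            self.log.append(f"sid={sig.sid} {sig.name} flow={flow}")
        if sig.action in (ACTION_BLOCK, ACTION_LOG_AND_BLOCK):
            if self.inline:
                self.dropped.append(flow)   # IPS: break the connection
            else:
                # A listen-only IDS sees the traffic but cannot stop it.
                self.log.append(f"sid={sig.sid} block requested, sensor is out of band flow={flow}")
        return Verdict(flow, sig.sid, sig.action)


def match_without_reassembly(signatures: List[Signature], seg: Segment) -> Optional[int]:
    """Naive per-segment matching: misses a pattern split across segments."""
    for sig in signatures:
        if sig.pattern in seg.payload:
            return sig.sid
    return None


def demo() -> dict:
    # Constructed traffic: flowA carries the RPC marker split over two segments,
    # flowB carries a scanner marker in one segment, flowC is benign.
    segs = [
        Segment("flowA", 0, b"hdr RPCP"),
        Segment("flowA", 8, b"ROBE tail"),
        Segment("flowB", 0, b"GET / User-Agent: scanner-ua"),
        Segment("flowC", 0, b"GET /index.html benign"),
    ]
    ips = InspectionEngine(SIGNATURES, inline=True)
    ids = InspectionEngine(SIGNATURES, inline=False)
    return {
        "ips": [ips.inspect(s) for s in segs],
        "ids": [ids.inspect(s) for s in segs],
        "naive": [match_without_reassembly(SIGNATURES, s) for s in segs],
        "ips_dropped": ips.dropped,
        "ids_dropped": ids.dropped,
        "ips_log": ips.log,
        "ids_log": ids.log,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `demo()` shows the three points the FAQ makes: the inline engine drops flowA on the log-and-block signature while the out-of-band engine can only record an event for it, the log-only signature on flowB produces an event in both modes without dropping anything, and the naive per-segment matcher never sees the split pattern in flowA at all, which is why reassembly before matching is part of any credible IDS or IPS.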
Can an IPS prevent DDoS?
An IPS can prevent certain types of DDoS (distributed denial of service) attacks. For example, application denial of service (AppDoS) attacks are one of the threat categories that IPS functionality can identify and protect against. However, volumetric DDoS threats require a dedicated solution like Juniper’s Corero DDoS offering.
What IDS and IPS technologies, solutions, and products does Juniper offer?
Juniper offers both IDS and IPS solutions via a single software subscription deployed on any of Juniper’s next-generation firewall products and services: physical, virtual, and containerized SRX firewalls, or as a service within Juniper Secure Edge.