IPS vs WAF
Ғылым және технология
An Intrusion Prevention System (IPS) is designed to block malicious traffic from accessing your network. And, a Web Application Firewall (WAF) is also designed to block malicious traffic. So, what's the difference between the two? In this video, John outlines the differences and similarities between IPS and WAF with some specific information about protocol support.
Пікірлер: 34
Simple explanation without going into details, great video!
@devcentral
4 жыл бұрын
glad you enjoyed it!
Hello John, now a days there are vendor building IPS engine which is even having awareness about the users and reputations too.
Very well explained, like to see more
@devcentral
3 жыл бұрын
glad you enjoyed it!
very well explained. Thank you
@devcentral
3 жыл бұрын
glad you enjoyed it!
When do you think i need to go for a WAF and when should i go for an IPS.WAF as per my understanding is more specific to web servers and is seldom used for other assets in the infrastrucuture where as IPS can be used for any components within the infrastructure.If someone can help me understand where i can place these in the network would be great.
great content. thanks
@devcentral
2 жыл бұрын
Glad you liked it and thanks for the comment!!
Thanks for the presentation. Would it be an overkill to have an IPS and a WAF connected serially as I understand while WAF will look deeper on the TOP10 vulnerabilities, an IPS would have a broader database? Thank you
@devcentral
5 жыл бұрын
It wouldn't be overkill as both devices do different things, but just keep in mind the complexity and latency introduced with daisy-chaining security devices. Unfortunately, there's not a security device that "does it all" today...so you have to introduce multiple devices to accomplish all the security needs you have. That said, it's better to have a central point of coordination/orchestration for managing security devices if you can do that...essentially one place to decrypt the traffic and then send it to all the different devices and then re-encrypt and send it on to the destination.
@patomigu
4 жыл бұрын
Max Spekle I’ll recommend you deploy WAF and IPS in the cloud , with other threat protect stuffs while you deploy a RASP to secure the on premise app. See www.baffinbaynetworks.com and contrastsecurity.com
Very good comparision, can you plz comment if ng ips like sourcefire which uses snort which is basically used in some waf also can provide somewhat similar protection like waf
@devcentral
4 жыл бұрын
Hi Syed, great question! You are correct that more modern Next Gen Firewalls have advanced capabilities that provide similar "WAF-like" protection. So, as technology improves, some of the newer, more advanced NGFW will be able to do some of these WAF functions. Having said that, I would still recommend a WAF because it can very typically do more than a NGFW and you will very likely want the protection of both the NGFW and the WAF. I hope this helps!
is it an advantage to use some fibre say between 2 switches on the backplane with spf, use a splitter cable and only the tx of the 3rd spf (pretty much a physical man in the middle but for network security), as even dns query would not return from the middle machine with packet filtering firewall rules and packet inspection, have daul nic board with shared port spf modules tx and rx to force a physical route change
Hi John, lot of points you mentioned in the WAF section(session awareness, protocol support, rate limiting(thresholding)) are already available in IPS solutions (snort, suricata). I generally like your videos but there is lot of misinformation in this video.
Nicely explained.
@devcentral
3 жыл бұрын
glad you enjoyed it!
@JigarShah8568
3 жыл бұрын
@@devcentral Yes, ofcourse 😉
How does the WAF protect against HTTPS if the data is encrypted and therefore the WAF wouldn't understand it?
Peyton Manning’s son is Killin’ this Cyber stuff!
IPS knows protocols too, otherwise how can it detect the malicious code/payload, right?
most of the firewall now a days are stateful which basically means they keep well track of the user in the state table...and yes IPS are are also now a days very aware about the session
@lidoratar2509
4 жыл бұрын
yeah that's what i thought the seccond he said that, for example in Checkpoint there is a feature called "identity awareness"/
@labeveryday5279
3 жыл бұрын
I am not sure if IPS can protect against advanced web Application Attacks like Blind SQL Injection attacks, Cross Site Scripting, Command Injection, file upload vulnerabilities...The IPS is more of a signature based and more relevant against Network and Transport layer attacks with few Application Layer Attacks to go with it whereas WAF is likely to protect against all Application layer attacks.
IPF is also behaviour based
Are you writing on glass with the camera reversed? Nice setup.
@devcentral
5 жыл бұрын
thanks! here's a behind the scenes view of how we do it: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
@ForTheNerds
5 жыл бұрын
@@devcentral This set up is simple but the nicest I've seen for describing things. When I steal this I'll post a shout out link. Thanks guys, this IPS vs WAF video also helped with my security fundamentals class.
@mostafashawki
5 жыл бұрын
@@devcentral Thank you for sharing :)
how is no one commenting on how he's writing backwards?
@devcentral
2 жыл бұрын
Thanks for the comment and here is how we produce the Lightboard Lessons: kzread.info/dash/bejne/h2t5wa5tp6a2hMY.html
3:47 a WA""""""F :D