Deployment
StoneGate IPS supports both Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) modes, as well as the combination of the two, i.e. the hybrid mode.
IPS (Intrusion Prevention System)
In the IPS mode the device is configured inline in the network traffic path.

Depending on the IPS appliance model, the inline sensor is able to inspect 1-4 physical segments simultaneously, or more if VLAN tagging is used. IPS is able to restrict traffic by blocking it directly, or by requesting a firewall or another inline IPS to isolate the segment from other networks using blacklisting. IPS access control functionality can be extended by using the Transparent Layer-2 Firewall features.
The IPS mode is well suited for blocking attacks when a clear threat path can be identified, for example traffic from the Internet to a DMZ segment, or traffic from the internal network to the Internet.
IDS (Intrusion Detection System)
In the IDS mode the device passively monitors network traffic.

The IDS mode can be used for aggregating network traffic from multiple VLANs or physical traffic sources, such as switches and WireTAPs, into one centralized IDS sensor or IDS cluster. IDS is able to restrict traffic by sending resets, or by requesting a firewall or an inline IPS to isolate the segment from other networks using blacklisting.
The IDS mode is well suited for protecting large Local Area Network (LAN) segments. IDS is able to detect hostile machines even if those machines do not communicate with other network segments.
Hybrid mode
In the hybrid mode, the same device is configured to function in both modes.

Using the same device in both modes is an efficient and cost-effective solution for smaller implementations.
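The three placements described above (inline IPS, passive IDS, and the hybrid of the two), as an added illustrative model that is not part of the StoneGate documentation: a toy Python sensor in which each interface is either inline (it can drop packets and enforce a blacklist) or passive (it sees a mirrored copy and can only send resets or request blacklisting from a firewall or inline IPS). The interface names, hosts, signature byte pattern and traffic are constructed assumptions. The model shows what the passive side cannot do on its own (the triggering packet has already reached its destination, and a reset only helps for TCP) and how, in the hybrid deployment, a host detected on a LAN mirror port is isolated by the inline side before its otherwise benign-looking traffic reaches the DMZ.

```python
"""Toy model of inline (IPS), passive (IDS) and hybrid sensor placement.

Constructed for illustration; the interface names, addresses, signature
and packets below are assumptions, not StoneGate configuration.
"""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    INLINE = "ips"    # sensor sits in the traffic path and can drop packets
    PASSIVE = "ids"   # sensor sees a copy (SPAN/TAP) and can only react


@dataclass(frozen=True)
class Packet:
    iface: str        # sensor interface the packet (or its copy) arrived on
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    payload: bytes


@dataclass
class Sensor:
    """One device; each interface runs in INLINE or PASSIVE mode.

    A single interface gives pure IPS or IDS; two interfaces with
    different modes model the hybrid deployment.
    """
    modes: dict                                   # iface -> Mode
    signatures: tuple = (b"EVIL",)                # constructed byte pattern marking hostile traffic
    blacklist: set = field(default_factory=set)   # hosts we asked a firewall / inline IPS to isolate
    events: list = field(default_factory=list)    # what the sensor did, in order

    def hostile(self, pkt):
        return any(sig in pkt.payload for sig in self.signatures)

    def process(self, pkt):
        """Return the packet if it reaches its destination, None if it was stopped here."""
        mode = self.modes[pkt.iface]
        if mode is Mode.INLINE:
            # Inline: we are the enforcement point, so the blacklist is applied here
            if pkt.src in self.blacklist:
                self.events.append(("blocked_blacklisted", pkt.src))
                return None
            if self.hostile(pkt):
                self.events.append(("dropped", pkt.src))
                return None
            return pkt
        # Passive: the real packet is already on the wire; the sensor can only react
        if self.hostile(pkt):
            if pkt.proto == "tcp":
                self.events.append(("reset_sent", pkt.src))   # a reset cannot recall a UDP datagram
            self.blacklist.add(pkt.src)
            self.events.append(("blacklist_requested", pkt.src))
        return pkt   # nothing in this path enforces the request; that is the firewall's job


def run(sensor, packets):
    """Push packets through the sensor; return the ones that were delivered."""
    return [p for p in packets if sensor.process(p) is not None]


# Constructed traffic. The attacker 10.0.0.9 scans the LAN (seen only on the mirror
# port span0) and then talks to the DMZ host through the inline interface eth1.
LAN_PROBE = Packet("span0", "10.0.0.9", "10.0.0.20", "tcp", b"EVIL scan")
DMZ_TRAFFIC = [
    Packet("eth1", "10.0.0.9", "10.1.0.5", "udp", b"EVIL payload"),    # hostile single datagram
    Packet("eth1", "10.0.0.9", "10.1.0.5", "tcp", b"GET / HTTP/1.0"),  # same attacker, no signature hit
    Packet("eth1", "10.0.0.7", "10.1.0.5", "tcp", b"GET / HTTP/1.0"),  # benign host
]


def ips_only():
    """Inline only: hostile packet dropped, but the attacker's clean-looking request still passes."""
    s = Sensor(modes={"eth1": Mode.INLINE})
    return [p.src for p in run(s, DMZ_TRAFFIC)], s.events


def ids_only():
    """Passive only: everything is delivered; the sensor can just ask someone else to isolate the host."""
    s = Sensor(modes={"eth1": Mode.PASSIVE})
    return [p.src for p in run(s, DMZ_TRAFFIC)], s.events


def hybrid():
    """Passive LAN mirror plus inline DMZ path: LAN detection feeds the inline blacklist."""
    s = Sensor(modes={"span0": Mode.PASSIVE, "eth1": Mode.INLINE})
    s.process(LAN_PROBE)   # detected on the LAN, blacklist requested, never left the LAN
    return [p.src for p in run(s, DMZ_TRAFFIC)], s.events


if __name__ == "__main__":
    for name, fn in (("IPS", ips_only), ("IDS", ids_only), ("hybrid", hybrid)):
        delivered, events = fn()
        print(f"{name}: delivered from {delivered}; events {events}")
```

The point the model makes is the one the text makes in prose: an inline sensor is an enforcement point, a passive sensor is not, and the hybrid placement lets detection on a broad passive LAN view drive enforcement on the narrow inline path.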