Deployment
StoneGate IPS supports both Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) modes, as well as the combination of the two, i.e. the hybrid mode.
IPS (Intrusion Prevention System)
In IPS mode the device is configured inline in the network traffic path. Depending on the IPS appliance model, the inline sensor can inspect 1-4 physical segments simultaneously, or more if VLAN tagging is used. The IPS can restrict traffic by blocking it directly, or by sending requests to a firewall or another inline IPS to isolate the segment from other networks using blacklisting. IPS access control functionality can be extended with the Transparent Access Control (TAC) module.
IPS mode is well suited to blocking attacks when a clear threat path can be identified, for example traffic from the Internet to a DMZ segment, or traffic from the internal network to the Internet.
IDS (Intrusion Detection System)
In IDS mode the device passively monitors network traffic. IDS mode can be used to aggregate network traffic from multiple VLANs or physical traffic sources, such as switches and WireTAPs, into one centralized IDS sensor or IDS cluster. The IDS can restrict traffic by sending resets, or by requesting a firewall or inline IPS to isolate the segment from other networks using blacklisting.
IDS mode is well suited to protecting large Local Area Network (LAN) segments: the IDS can detect hostile machines even when those devices do not communicate with other network segments.
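The difference between the two modes comes down to which responses are available to the sensor: an inline IPS can discard the packet itself, while a passive IDS can only try to tear a session down with a reset or ask an enforcement point (a firewall or inline IPS) to blacklist the source. The following Python model, added here as an illustration and not StoneGate code, makes that distinction explicit; the blacklist entry format, the `Enforcer` class, the `respond` function and the sample flows are all constructed for the example.

```python
"""Toy model of the responses available to a sensor in each deployment mode.
Added illustration only; the message formats are assumptions, not StoneGate's."""
import time
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INLINE = "ips"    # sensor sits in the traffic path and can drop packets itself
PASSIVE = "ids"   # sensor sees a copy of the traffic and cannot drop anything


@dataclass
class BlacklistEntry:
    src: str            # CIDR of the host or network to isolate (constructed format)
    dst: str            # CIDR it must not reach; "0.0.0.0/0" means any destination
    expires_at: float   # epoch seconds; entries are temporary so a false positive ages out


@dataclass
class Enforcer:
    """Models a firewall or inline IPS that accepts blacklist requests from sensors."""
    entries: list = field(default_factory=list)

    def add(self, src, dst, ttl, now=None):
        now = time.time() if now is None else now
        self.entries.append(BlacklistEntry(src, dst, now + ttl))

    def blocks(self, src_ip, dst_ip, now=None):
        """True if a live blacklist entry isolates src_ip from dst_ip."""
        now = time.time() if now is None else now
        self.entries = [e for e in self.entries if e.expires_at > now]  # expire old entries
        s, d = ip_address(src_ip), ip_address(dst_ip)
        return any(s in ip_network(e.src) and d in ip_network(e.dst) for e in self.entries)


def respond(mode, verdict, flow, enforcer, ttl=600, now=None):
    """Return the ordered list of actions a sensor in `mode` takes for a flow.

    flow is a constructed dict: {"src": ip, "dst": ip, "proto": "tcp"|"udp"}.
    """
    if verdict != "malicious":
        return ["allow"]
    actions = []
    if mode == INLINE:
        actions.append("drop")          # inline: the packet never reaches the destination
    elif flow["proto"] == "tcp":
        actions.append("reset")         # passive: best effort, the original packet was already forwarded
    # Either mode may ask an enforcement point to isolate the source host for a while.
    enforcer.add(f"{flow['src']}/32", "0.0.0.0/0", ttl, now)
    actions.append("blacklist-request")
    return actions


if __name__ == "__main__":
    enf = Enforcer()
    flow = {"src": "10.0.0.5", "dst": "192.0.2.1", "proto": "tcp"}   # constructed sample flow
    print(respond(PASSIVE, "malicious", flow, enf, ttl=60, now=1000.0))
    print(enf.blocks("10.0.0.5", "198.51.100.7", now=1010.0))
```

The model shows why the passive sensor's reset is only best effort (the offending packet has already been delivered by the time the IDS sees it) and why the blacklist request carries an expiry: the enforcement point, not the sensor, is the component that actually prevents further traffic from the isolated host.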
Hybrid mode
In hybrid mode the same device is configured to function in both modes. Using one device in both modes is an efficient and cost-effective solution for smaller implementations.