Complete network security requires many layers, one of the most important being intrusion prevention. If you have a firewall protecting your system and think it is enough, think again: A firewall is an important ingredient, but it is not the whole recipe for comprehensive security.
What is intrusion prevention, and why is a firewall not enough?
A firewall is, of course, a “wall” that goes around your network, and it keeps certain trespassers out. However, just like a physical wall can be breached by a person who brings a ladder with them, so can a network firewall be breached by a motivated intruder.
How do they do it? They exploit a fundamental weakness of the firewall: they find exceptions to the firewall’s rules.
Intrusion Detection System (IDS)
A firewall can do a pretty good job of evaluating all outside traffic coming in. If it misses something, however, a firewall has no way of further evaluating a bad bit of code after that code successfully passes through it. If the malware manages to not trip any firewall alarm, then an Intrusion Detection System (IDS), if the network is equipped with it, will spring into action.
An intrusion detection system is able to inspect and evaluate ALL network activity, both inbound and outbound. It is able to monitor activity to squash any transactional behaviors that might be suspicious or dangerous. Depending on the type of IDS, it can accomplish this in a variety of ways: Network-based (NIDS), Host-based (HIDS), Perimeter-based (PIDS), or VM-based (VMIDS).
URL filtering monitors web traffic for safety. The original use of URL filtering was simply to control network users’ online activity, keeping them off their social media pages and on their actual work. But as the internet has expanded and more actual work must be done online, URL filtering has become more of a security measure than a user-productivity measure. As a result, URL filtering today is quite advanced, allowing administrators to easily view and manage the granular activity of every user of the network, and it provides immediate alerts should a user inadvertently land on a malware or phishing website.
IDS and URL filtering: Choices
There are a lot of choices out there for IDS and URL filtering. Some solutions involve more than one component. Such is the case with Cisco’s Adaptive Security Appliance (ASA) with Firepower software. Without Firepower, ASA will provide network activity management and protection, but without the visibility a network administrator would want. On a network protected by ASA with Firepower, however, the network administrator will have completely customizable and granular visibility of each user’s internet activity, be able to grant or remove individual permissions, and control bandwidth. If one user at the corporation needs access to social network sites, such as the internet marketing manager, access can be granted to that user while social network sites remain inaccessible to those in the accounting department. A solution like this allows the maximum amount of freedom and flexibility to access the internet while ensuring that riskier internet activities can be limited and locked down as needed.
A product like Meraki provides both IDS and URL filtering in one solution. With it, however, there is less flexibility for network administrators to control individual preferences for users than with ASA with Firepower. Meraki provides a group-based approach to user controls and permissions. For instance, if Facebook is banned for one person in a group, then it is banned for all in the group. Bandwidth is also managed by group rather than by individual. The level of protection it affords, however, is just as comprehensive.
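As an added illustration of the per-user versus group-based controls described above (example code, not Cisco’s, Meraki’s or this article’s own; the domains, users, groups and category feed are constructed), a minimal URL-filtering policy engine:

```python
# Added example (not Cisco, Meraki or the article's own code): a minimal URL-filtering
# policy engine contrasting per-user exceptions with group-only controls.
# Domain names, users, groups and the category table are constructed sample data.
from dataclasses import dataclass, field

# Stand-in for a vendor URL-category feed; ".test" is a reserved example TLD.
CATEGORIES = {
    "facebook.com": "social-networking",
    "linkedin.com": "social-networking",
    "login-update.test": "phishing",
    "erp.corp.test": "business",
}
# Categories blocked for everyone that also raise an administrator alert.
ALERT_CATEGORIES = {"phishing", "malware"}


@dataclass
class Policy:
    group_blocked: dict                                   # group -> blocked categories
    # user -> categories that user may reach despite a group block.
    # Empty in a group-only model, where one ban applies to the whole group.
    user_overrides: dict = field(default_factory=dict)


def categorize(host: str) -> str:
    return CATEGORIES.get(host, "uncategorized")


def decide(policy: Policy, user: str, group: str, host: str) -> str:
    """Return 'allow', 'block' or 'block+alert' for one web request."""
    category = categorize(host)
    if category in ALERT_CATEGORIES:
        return "block+alert"          # malware/phishing: blocked regardless of policy
    if category in policy.group_blocked.get(group, set()):
        if category in policy.user_overrides.get(user, set()):
            return "allow"            # individual exception wins over the group rule
        return "block"
    return "allow"


# Constructed proxy records: (user, group, requested host)
REQUESTS = [
    ("mkt-manager", "marketing", "facebook.com"),
    ("acct-clerk", "accounting", "facebook.com"),
    ("acct-clerk", "accounting", "erp.corp.test"),
    ("mkt-manager", "marketing", "login-update.test"),
]
SOCIAL_BAN = {"marketing": {"social-networking"}, "accounting": {"social-networking"}}
PER_USER = Policy(SOCIAL_BAN, {"mkt-manager": {"social-networking"}})   # ASA+Firepower style
GROUP_ONLY = Policy(SOCIAL_BAN)                                         # Meraki style


def evaluate(policy: Policy) -> list:
    return [(u, h, decide(policy, u, g, h)) for u, g, h in REQUESTS]
```

Under PER_USER the marketing manager reaches Facebook while accounting is blocked; under GROUP_ONLY the same ban hits every member of the group, and the phishing host is blocked with an alert in both models.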
The network security that is best for your business will include some kind of intrusion prevention with URL filtering. The one that fits best the needs of the business will depend on many factors. The CISO/Network Administrator must decide what the business and its users require to maintain both the security and the productivity of the company.