Do you actually need a security product in your car? Part 3 : Intrusion Prevention and Detection Systems

I ended part 2 with the promise that we will discuss about : 2) Intrusion detection and prevention systems (IDS/IPS or IDPS) From Wikipedia: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.   IDPS for cars? Once inside, an attacker can utilize the vehicle’s internal communication bus and take control of additional modules inside the vehicle, including safety critical systems like the ABS and Engine Electronic Control Units (ECUs). Therefore, there is no “trusted device” anymore. Everything has to be assumed to be compromised. The…

No Image

What’s the difference between Intrusion Prevention Systems and(IPS) and Web Application Firewall?

I was asked a few times what is the difference between HIPS, NIPS, IPS, Application Firewall.  I did research a bit about this and started to write something. But, then I found this great article (see below at the resources) which describes everything perfect. Also read my own conclusions at the end of the article.   Introduction We are all somewhat familiar with Intrusion Prevention Systems (IPSs). But what is all this talk of Web Application Firewalls (WAFs)? What is a Web Application Firewall and how does it differ from an IPS? First, let’s take a quick look at Intrusion Prevention, its benefits and some short-comings. Then we will discuss WAFs and how they differ from and augment IPSs. Intrusion Prevention System (IPS) An IPS generally sits in-line and watches network traffic as the packets flow through it. It acts similarly to an Intrusion Detection System (IDS) by trying to match data in the packets against a signature database or detect anomalies against what is pre-defined as “normal” traffic. In addition to its IDS functionality, an IPS can do more than log and alert. It can be programmed to react to what it detects. The ability to react to the…

%d bloggers like this: