Networking's greatest debates in Security

Classic debates include Immediate flaw alerts vs. Disclosing with patches, IDS vs. IPS and Perimeter security vs. inside security

IDS vs. IPS

A firestorm of controversy exploded four years ago when consulting firm Gartner declared that intrusion-detection systems that passively monitor for malicious traffic would be "dead" by 2005, a dinosaur wiped out by intrusion-prevention systems that proactively block bad traffic.

Buying an IDS to monitor unwanted traffic is a waste of time and money, Gartner stated, urging enterprise managers to start buying in-line IPS products and step up to the plate and block the attack traffic comin' at 'em, primarily from the Internet.

Blocking the bad traffic with an in-line IPS opened the possibility of mistakenly blocking good traffic, too, yelped IDS proponents.

IPS products in 2003 were mainly in their infancy and their accuracy deeply suspect. IDS - the most well-known and popular being open source Snort created by Martin Roesch in 1998 - was a known quantity. Sure, IDS had its drawbacks, sometimes generated false positive and negatives, and most people didn't really know what to do with the massive amount of information netted in the monitoring process.

But Gartner saying IDS is dead?

"I find the logic behind their conclusions significantly flawed and their recommendations incomprehensible," was the response at the time from Roesch, CTO at Sourcefire, founded in 2001 to commercialize Snort. "To be fair, Gartner's concerns have some basis in fact," he conceded, adding, "Undoubtedly, IDS must continue to evolve in order to fully realize its potential."

Today, the issue is largely a moot point as IPS products on the market - which typically rely on IDS detection techniques to flag a problem - tend to operate in a mixed mode, allowing managers to boldly block malicious traffic or passively monitor, or both, depending on the configuration. Security vendors are often coy about breaking out figures on IDS and IPS, but IDC believes IPS began overtaking IDS in 2005. Continuous testing by independent sources helps with determining strengths and weaknesses in IPS. -Ellen Messmer

IPSec vs. SSL VPNs

When IP VPNs came on the scene in the late 1990s IPSec quickly established itself as the standard to provide secure network-layer connectivity over insecure IP networks, typically the Internet.

The appeal was obvious: it is less expensive to buy Internet access and make WAN connections over it than to buy dedicated circuits or a frame relay or MPLS service.

But IPSec is complex. The more sites that connect to each other, the more secure links or tunnels need to be defined and maintained. If IPSec is used for remote access, it requires software on every remote machine that must be installed and maintained.

Then SSL VPNs entered the scene offering application-layer secure access over the Internet using capabilities common to most browsers. The implication was that businesses interested in remote-access VPNs no longer needed to distribute and maintain client software on the remote machines.

The limitation of SSL was that the browsers could access only Web-based applications, but this challenge was met by Webifying non-Web applications or pushing Java or Active X SSL VPN agents to the remote machines on the fly. These plug-ins gave the remote computers the ability to create network layer connections comparable to IPSec, but without having to distribute dedicated VPN client software.

As a result, SSL VPNs are making great headway against IPSec VPNs for remote access and seem likely to win out in the end.

IPSec is still the preferred method of site-to-site VPNs because either technology requires a gateway anyway, IPSec is better established in this arena and many SSL vendors don't even offer site-to-site connections. For site-to-site, IPSec carries the day.

-Tim Greene

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Staff Writers

Network World
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?