At the end of last year, our information-analytical center conducted a test firewalls to protect against internal attacks . However, for the sake of completeness, we believe that it is necessary to conduct some additional tests to a comprehensive understanding of the possibilities of different firewalls. One of the key here, in our view, is a unit testing, IDS / IPS (Intrusion Detection System, Intrusion Prevention System - System Intrusion Detection and Prevention) to be protected from external attacks on vulnerable applications.
The fact is that at the moment personal firewall in the classic sense of the word no longer exists. For effective protection, it includes a module IDS / IPS. If it works effectively, it does not matter what the opening of a protocol or port, as external attack would still be detected and eliminated by this module.
The main objective of IDS / IPS - a reflection of network attacks. Under attack, the network is understood to attack a computer, performed remotely by an attacker or malicious code. Such attacks can be made from the Internet or local network to gain control of the target system, unauthorized access to data or the output of the system out of action for a certain period of time. Most external network attacks rely on vulnerabilities of operating systems, installed applications, protocols or their implementations.
The purpose of this test - to show the ability of IDS / IPS to withstand external attacks on vulnerabilities in the operating system and applications. During this test the affected system were external attacks using various exploits. It should be noted that in the test were studied only such attack in which an attack is in passive mode, ie in a situation where the user does not perform any active action (not open a file or web page does not download data, etc.).
