Firewalls and Intrusion Detection Systems (IDS) have been the mainstay of network security perimeters for many years and have evolved with increasing sophistication and technological advances to maintain protection of enterprise networks. These systems, however, are bearing the brunt of increased Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks from across the globe [1,2]. Where possible, new techniques and technologies should always be considered to provide additional defences that prevent these devices, and the enterprise network itself, from becoming overwhelmed during such attacks. The objective of this paper is to review DoS/DDoS attacks, list basic network attack prevention techniques, briefly compare current and emerging Intrusion Prevention devices, and give an example implementation scenario using one of these products.