sbe171
join:2014-11-30

sbe171

Member

UTM Services

Can anyone explain to me what are ADP and IDP?
How do I know if I need them?

Regarding Anti Virus - what are the considerations about whether the anti virus should work on the workstations or the firewall - other than the obvious need to update every workstation and performance of the firewall - which way provides better protection, and are they needed at all? It was suggested to me by an expert that anti virus is not very important, and as long as my network is protected by a proper firewall I should be OK.

E81
@91.153.178.x

E81

Anon

ADP: Anomaly detection and prevention is actually a free service in Zyxel devices and I wouldn't consider it to be a part of UTM services. What it does is scan network traffic for anomalies like port scans and packet floods and block them if configured to do so. It's a basic function of any modern firewall.

IDP: Intrusion detection and prevention goes a bit deeper. It actually inspects the data content of the packet and determines if an intrusion attempt is taking place. It protects the user from threats like the Bash Shellshock exploit.

Regarding antivirus - you should never ever trust the AV only at the gateway level. That "expert" you are referring to probably hasn't heard of layered security. There are limitations in the maximum number of virus signatures in many firewalls, including the Zyxel devices. It's good to have a gateway AV but you should run AV software on your PC just in case some malware gets past the first line of defense.
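
The ADP/IDP distinction described in the post above, as an added example that is not part of the original thread and is not Zyxel's implementation: an ADP-style check looks only at traffic patterns (here, many distinct ports from one source), while an IDP-style check inspects payload content (here, the Shellshock function-definition marker in HTTP header values). The packet records, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample traffic: (time_s, src_ip, dst_port, payload). Not real captures.
PACKETS = (
    # One source sweeping 30 ports in 1.5 s with empty payloads (port scan pattern).
    [(i * 0.05, "198.51.100.7", 20 + i, b"") for i in range(30)]
    + [
        # Ordinary web request.
        (1.0, "203.0.113.5", 80,
         b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
        # Single request carrying the Shellshock marker; the command is a placeholder.
        (2.0, "192.0.2.44", 80,
         b"GET /cgi-bin/status HTTP/1.1\r\nHost: example.test\r\n"
         b"User-Agent: () { :; }; <command>\r\n\r\n"),
    ]
)

def adp_port_scanners(packets, window=5.0, max_ports=20):
    """ADP-style: flag sources touching more than max_ports distinct ports
    inside any window of `window` seconds. Payload is never examined."""
    seen = defaultdict(list)
    for t, src, port, _payload in packets:
        seen[src].append((t, port))
    flagged = set()
    for src, events in seen.items():
        events.sort()
        for start, _ in events:
            ports = {p for t, p in events if start <= t < start + window}
            if len(ports) > max_ports:
                flagged.add(src)
                break
    return flagged

# A Bash function definition at the start of an environment value: "() {"
SHELLSHOCK = re.compile(rb"\(\)\s*\{")

def idp_shellshock_sources(packets):
    """IDP-style: flag sources whose HTTP header values contain the marker.
    Traffic volume and port counts are never examined."""
    flagged = set()
    for _t, src, _port, payload in packets:
        headers = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
        if any(SHELLSHOCK.search(h.split(b":", 1)[-1]) for h in headers):
            flagged.add(src)
    return flagged

if __name__ == "__main__":
    print("ADP flagged:", adp_port_scanners(PACKETS))
    print("IDP flagged:", idp_shellshock_sources(PACKETS))
```

Each check catches only its own case: the scanner sends no payload for a signature to match, and the single exploit request looks like normal traffic by volume.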
sbe171
join:2014-11-30

sbe171

Member

Thanks - I understand that much.

However I am not quite sure in practicality who needs IDP and who doesn't.

Regarding anti virus - so you should pay for anti virus both on the workstation and on the firewall? Or only one is enough? If one is enough, then the workstation anti virus is more effective than the firewall anti virus?

E81
@91.153.178.x

E81

Anon

If you must choose between firewall AV and workstation AV I would go with workstation AV. Firewall AV gives some extra protection. If you are a home user you could go with free workstation AV and purchase the firewall AV if you want.

Difficult to say who needs IDP and who doesn't. Everyone who wants extra protection against exploits and/or is running public servers. You be the judge if the extra protection is worth the extra money.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

3 edits

Brano to sbe171

MVM

to sbe171
Definitely go with PC-based protection (AV and IDP). Whatever is on these routers is not enough and often not worth paying for; not to mention that your router throughput, if UTM is enabled, will go down significantly.

AV, IDP on the router has serious limitations:
- memory limitation - can't hold so many signatures (typically holds only recent)
- encryption limitation - typically scans only non-encrypted (non SSL/HTTPS) traffic
- speed issues - slows down the throughput
- false positives - from time to time
- compressed file scanning limitations (often files beyond a certain size are not scanned, again due to memory limitations, or it only scans e.g. zip and no other compression methods)
- unreasonable price tag for limited functionality

P.S.: I'm talking about sub-$10k devices; the story is different in the enterprise world.