Problem solve Get help with specific problems with your technologies, process and projects.

Can intrusion prevention systems alone prevent botnet attacks?

Network-based intrusion prevention systems offer some protection against botnets, but that's only one piece of the puzzle. In this SearchSecurity.com Q&A, information security threat expert Ed Skoudis reviews the other tools that should be a part of your botnet defense plan.

Are IPSes the best way to counter botnet attacks? Are there other methods we should use in our enterprise environment to protect against these threats?
Network-based intrusion prevention systems offer some defenses against botnets, but they are only one piece of the puzzle. Many modern IPSes have signatures for some popular bots' control traffic, and the systems can alert you when bots are trying to poll for an attacker's commands. Other IPSes go further, blocking the botnet control traffic that they detect. It should be noted, however, that network-based IPSes have signatures only for the most popular bots, but not all of the bots out there, so further defenses are required.

Host-based intrusion prevention systems are another layer of defense. These tools limit the various applications running on your system, blocking their ability to interact with the underlying kernel. Some bots function, however, by installing themselves inside of other legitimate applications, using them to undermine the system and potentially fly below the radar screen of your host-based IPS.

Therefore, in addition to network- and host-based IPSes, you should also make sure you have thoroughly deployed antivirus, antispyware and host-based firewalls. By operating on all of these fronts, you can dramatically lower the threat posed by your environment's bots.

More information:

  • Learn why you shouldn't toss host-based intrusion prevention systems out of your network security strategy just yet.
  • See which intrusion prevention/detection tools were nominated for Information Security magazine's 2007 Readers' Choice Awards.
  • This was last published in February 2007

    Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.