Build your own Intrusion Prevention Device (IPS) - Intro

IPSs (Intrusion Prevention Systems), for those not in the know, are security devices which attempt to detect and stop malicious attacks from intruding into your network. From a networking perspective, they operate at Layer 7 of the OSI model, whereas routers and firewalls are normally restricted to Layer 3. Layer 7 devices can inspect application data, so they are more effective at detecting intrusions in your network.

I have a similar set up at home, except I have an IPS device in front of my ASAv. The device is one I pledged for on Kickstarter; if you are interested in buying one, see their website. It is very robust for lazy SysAdmins who don't want to deal with the hassle of maintaining their own, and for non-SysAdmins who just want something that will Plug n Play. For crazy SysAdmins who have the time and patience, you can build your own in a Linux VM, but then you have the hassle of managing blacklists and whitelists, etc. The Itus Shield (previously called iGuardian) is very robust and is constantly being updated and improved, so for me it's much better. They have a development team focussed on developing and improving it, whereas I am only one person (with a lot of other things going on), so for me it's a no-brainer.

This device has stopped malware from infecting phones, tablets, my home server lab and PCs, as well as anyone trying to snoop around. It's not perfect; the most l33t hax0rs will probably be able to circumvent it if they want something badly enough (I doubt they do!), but it's still good security in general, as it scans network traffic on the fly and actually provides me with much better protection than many companies I have come across have in place, if any at all! I won't mention any names! It can stop malware that hides in ads on all the popular sites you visit and blocks many pages that try to phish your details, etc.

Tutorial to this space
