VPNs have come a long way and nowadays more and more people rely on them for both work and entertainment. They have become necessary security tools that are built with many features to ensure a safe internet experience, with such additions being website advisors, ad blockers or firewalls. More unknown and less widespread options include IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), two sides of a same coin that can make the VPN world richer.
They target malware and other such menaces and their nature means they are often compared with firewalls and even antiviruses – though they do work somewhat differently. However, they can be used in conjunction with these to provide the ultimate VPN experience. But how, exactly?
Detection vs Prevention
IDS and ISP are either hardware or software applications – in case of VPNs it is the latter – and the meaning of each acronym actually tells a lot about how they work. The objective for IDS is to detect the intrusion of a menace via internal and external attacks by monitoring network activity in real time. This is achieved either using signature or anomaly-based detection methods. While the former searches for specific patterns and recognizes the malicious sequences used by malware, the latter uses machine learning to create a model of typical and trustworthy activity to detect any deviations from it.
In most cases, the functions of IDS are limited to reporting any intrusion attempts to the administrator, meaning manual human input is needed to fight the attack. Others can go further, however, and even respond to the detected intrusion on its own. These are considered extensions to detection systems and are what are defined as IPSs. These attempt to stop an intrusion by taking such actions as dropping detected malicious packets, resetting a connection or blocking all the traffic coming from the offending IP address. In addition, it can also defragment packet streams, correct certain errors, mitigate sequencing issues and more.
The detection methods of an IPS for determining if an attack is happening are, essentially, the same as an IDS. There’s a third method, though, called statistical anomaly detection, which uses random samples of network traffic and compares them in terms of bandwidth, protocols used, ports, and devices that connect with each other.
Comparison With Antiviruses and Firewalls
It’s easy to understand why IDS and IPS are compared to other tools that prevent and combat intrusions such as antivirus and firewalls. However, as technology continues to evolve, these shouldn’t be looked at as rivals but as partners instead. They are complementary and should be used together and not instead of each other. Firewalls, for instance, either permit or block traffic according to particular port and protocol rules, so an attacker could still send damaging data via perfectly legitimate ports. Combining firewalls with an IPS ensures that the traffic that the firewall permits is truly legitimate, since it has previously been scoured by a deep inspection with an IPS and confirmed to be trustworthy.
But none of these can reach as far as antiviruses. These prevent device infection from a malicious file that can be received via email, for instance, through an infected USB device or downloaded directly from the internet. A good antivirus goes further and can stop the ‘trigger’ that actually infects the device, therefore preventing any damage or theft of user information.
IDS and IPS on VPNs
Most VPN services offer their own ad blockers, firewalls and other privacy and security-oriented features on top of trustworthy encryption levels, which only highlights how crucial they are for the general online security landscape. And given the benefits of IDS and IPS technology, it seems logical that VPN companies would end up adopting them at some point, something that FrootVPN or PureVPN has already done. The latter, for instance, has it built into their VPN clients and apps and doesn’t charge extra for its use. It also regularly updates its archive of malicious signatures so that the tool can respond to the latest threats.
As such, complementing the use of a VPN with IDS and IPS, a firewall and an antivirus is the most effective way to remain anonymous and secure online.
Best VPN Services of 2018