**2.4.1 Border prevention deployment**

With the rapid development of Internet, great deals of business applications rely on Internet. However, there are various security threats, such as worms, computer viruses, spywares and DDoS attacks, towards the entrance to the Internet of an intranet due to the openability of Internet.

To minimize external network security risks, intrusion prevention module may sit on the entrance to Internet, examine traffic, and block malicious or suspect code in real time. As shown in figure 7.

Intrusion Detection and Prevention in High Speed Network 63

Internet

IPS Firewall User

IPS

Server zone

Internet

Attacker User

IPS Firewall User

IPS

Server zone

Office zone

Office zone

Attacker

Attacker

Fig. 8. Key zone prevention deployment

Security control zone

Fig. 9. Hybrid prevention deployment

Security control zone

IDS mode

IPS IPS run in

Fig. 7. Border prevention deployment
