Computing networks can include multiple network devices such as routers, switches, hubs, servers, desktop PCs, laptops, workstations, and peripheral devices, e.g., printers, facsimile devices, and scanners, networked together across a local area network (LAN) and/or wide area network (WAN).
One advantage realized by networks is the ability to share network resources among dispersed clients. For example, networks can include checking functionalities, e.g., an intrusion system (IS), e.g., intrusion prevention system (IPS) and/or intrusion detection system (IDS) that serve to detect unwanted intrusions/activities to the computer network, as well as remediation servers that store operating system patches, virus definitions, etc. Unwanted network intrusions/activities may take the form of attacks through computer viruses and/or hackers, misconfigured devices among others, trying to access the network. To this end, an IS can identify different types of suspicious network traffic and network device usage that cannot be detected by a conventional firewall. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, denial of service attacks, port scans, unauthorized logins and access to sensitive files, viruses, Trojan horses, and worms, among others.
To increase robustness, a network can contain multiple IS's, each with differing capabilities. In such a case, it is advantageous to direct traffic that needs to be examined to the IS device that meets the minimum capabilities for the type of traffic being sent, the security level assigned to both the sender and recipient of the traffic as well as the load on the IS. By balancing traffic across the multiple IS's, overall checking efficiency is improved.
Throughout the drawings, identical reference numbers designate similar, but not necessarily identical, elements.