Internet security requires newer prevention mechanisms to be implemented on web-servers and routers. Firewall/Intrusion Prevention mechanisms (IPS) can be deployed on host servers or routers as an added line of defense against Internet attacks. In this thesis, we evaluate performance of security mechanisms provided by these devices against Distributed Denial of Service (DDoS) attacks. The host based firewalls on Windows servers-2003 and 2008 were evaluated. In this thesis, we also evaluated Juniper Networks Netscreen-5GT firewall/IPS, and Cisco ASA-5510/IPS that are used in protecting web-servers against DDoS attacks. It was found that the host based firewalls and protection mechanisms on the windows servers were not capable of defending against the DDoS attacks. Our performance evaluation showed the computing resource of the servers to be completely exhausted under these attacks. The evaluation of firewalls and IPS under different loads of attack had varying performance in supporting the number of web connections