Friday, September 18, 2015

What Is Intrusion Prevention System?


An Intrusion Prevention System or IPS, also known as an Intrusion Detection and Prevention System or IDPS, is a network security appliance that monitors network and system activities and detects possible intrusions. It can also prevent intrusions by blocking or stopping the activity, logging information about it and reporting it.





An IDPS is an extension of an Intrusion Detection System. It can respond to intrusions by sending an alarm, dropping a malicious network packet, resetting the connection or blocking traffic from an offending IP address.



Different types of Intrusion Prevention System 


IDPS can be of four different types:


- Network based Intrusion Prevention System
- Wireless Intrusion Prevention System
- Network Behavior Analyst
- Host based Intrusion Prevention System



Network based Intrusion Prevention System – A Network based Intrusion Prevention System or NIPS monitors the inbound and outbound network traffic and detects and prevents intrusions by analyzing network protocol activities.


Wireless Intrusion Prevention System – A Wireless Intrusion Prevention System or WIPS monitors a wireless network, analyzes it, detects suspicious activities and prevents them.


Network Behavior Analyst – A Network Behavior Analyst or NBA monitors the inbound and outbound network traffic for suspicious activities. It monitors unusual traffic flows and detects distributed Denial of Service attacks. It also looks for certain forms of malware and policy violations and prevents them.


Host based Intrusion Prevention System – A Host based Intrusion Prevention System or HIPS is a software package installed on a host. It monitors the activities of a single host and detects and prevents malicious activities.


How does an IPS detect intrusions?

There are three methods by which an IPS can detect intrusions.


  • It can monitor signatures of all inbound and outbound network traffic and compare them with a database of signatures of threats.
  • It can monitor the network traffic for statistical anomalies, for example in the bandwidth, protocols, ports or devices being used, and detect and prevent intrusions based on that.
  • It can monitor activities and compare them with predetermined profiles of accepted benign activities, and detect and prevent intrusions if any anomaly is detected.
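The three detection methods above, sketched side by side as an added example (not code from the original post or from any IPS product). The signature patterns, baseline figures, accepted profile, sample events and the mapping from detection method to response are all constructed assumptions.

```python
import statistics
from collections import namedtuple

Event = namedtuple("Event", "src proto dport payload bytes_per_min")

# Constructed signature database (illustrative patterns, not a real rule set).
SIGNATURES = {"path-traversal": b"../../", "sql-tautology": b"' OR '1'='1"}
# Constructed baseline: bytes/minute seen during normal operation.
BASELINE = [900, 1100, 1000, 950, 1050, 1000, 980, 1020]
# Constructed profile of accepted benign activity: (protocol, destination port).
PROFILE = {("tcp", 80), ("tcp", 443), ("udp", 53)}

def by_signature(ev):
    """Method 1: compare traffic content with the threat signature database."""
    return [name for name, pat in SIGNATURES.items() if pat in ev.payload]

def by_statistics(ev, k=3.0):
    """Method 2: flag volume more than k standard deviations above baseline."""
    limit = statistics.mean(BASELINE) + k * statistics.stdev(BASELINE)
    return ev.bytes_per_min > limit

def by_profile(ev):
    """Method 3: flag activity that is not in the accepted benign profile."""
    return (ev.proto, ev.dport) not in PROFILE

def inspect(ev):
    """Return (action, reasons). The method-to-action mapping is an assumption."""
    reasons = [f"signature:{s}" for s in by_signature(ev)]
    if by_statistics(ev):
        reasons.append("statistical-anomaly")
    if by_profile(ev):
        reasons.append("outside-profile")
    if not reasons:
        return "allow", reasons
    if reasons[0].startswith("signature:"):
        return "drop-packet", reasons
    if "statistical-anomaly" in reasons:
        return "block-source-ip", reasons
    return "alert", reasons

if __name__ == "__main__":
    # Constructed sample events using documentation-range addresses.
    for ev in [Event("192.0.2.10", "tcp", 443, b"GET /index.html", 1000),
               Event("192.0.2.66", "tcp", 80, b"GET /../../etc/passwd", 1000),
               Event("198.51.100.7", "udp", 53, b"", 50000),
               Event("198.51.100.9", "tcp", 23, b"login:", 1000)]:
        print(ev.src, *inspect(ev))
```

Each event can trip more than one method at once; the reasons list keeps all of them so the logged record shows why the action was taken.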



So, stay safe, prevent software attacks!
