An Intrusion Prevention System (IPS) is a device or software capable of detecting and preventing intrusion attempts into your network or hosts.
Intrusion Prevention Systems evolved from Intrusion Detection Systems (IDS).
IDS were only capable of detecting intrusion attempts and notifying the administrator of such an attempt. This has led manufacturers to create IPSs that inform the administrator of intrusion attempts and prevent such attacks.
Intrusion Prevention Systems are more advanced than firewalls. Firewalls typically make decisions based on ports, IP addresses, etc. The Intrusion Prevention System, on the other hand, is capable of making decisions based on the content of the data flowing across the network.
As in IDS, there are two types of IPS available. Network-based IPS are, in most cases, hardware devices that sit at the network chokepoint and provide intrusion protection to the whole network. On the other hand, host-based IPS are software systems – or agents, to be more precise – that sit on individual hosts and protect the individual hosts from intrusion attempts.
There are two types of IPS available based on how they provide protection. The first is the rate-based IPS. This type of IPS identifies traffic that is not usual for the network by learning and benchmarking the regular traffic prevalent on the network on which it is installed.
This type of protection is also known as behavior-based protection, as the behavior of the traffic is monitored for any deviation from the benchmark that has been set. These types of systems are also sometimes identified as anomaly-based IPS.
Content-based IPS, on the other hand, looks at the contents of every packet that traverses the IPS and makes a decision based on those contents. A content-based Intrusion Prevention System is often known as a signature-based IPS. These systems contain a database of known intrusion signatures, and decisions are made by comparing packet contents against that database. Two other types of IPS are also available:
- Policy-based IPS; and
- Protocol analysis-based IPS.
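The rate-based and content-based approaches described above can be contrasted in a short sketch. This is an added example, not code from any IPS product; the signature names, patterns, traffic figures and the three-sigma threshold are all constructed assumptions.

```python
import statistics

# Constructed signature database (illustrative names and patterns only).
SIGNATURES = {
    "SIG-001 path traversal": b"../../",
    "SIG-002 constructed test marker": b"X-IPS-TEST-PATTERN",
}

class RateBaseline:
    """Rate-based (anomaly) check: learn normal packets per interval,
    then flag intervals that deviate too far from that benchmark."""

    def __init__(self, sigmas=3.0):
        self.samples = []
        self.sigmas = sigmas  # assumed threshold, tune per network

    def learn(self, packets_per_interval):
        self.samples.append(packets_per_interval)

    def is_anomalous(self, packets_per_interval):
        if len(self.samples) < 2:
            return False  # no benchmark yet, so nothing to deviate from
        mean = statistics.mean(self.samples)
        stdev = statistics.pstdev(self.samples) or 1.0  # avoid a zero band
        return abs(packets_per_interval - mean) > self.sigmas * stdev

def match_signature(payload):
    """Content-based (signature) check: compare payload to the database."""
    for name, pattern in SIGNATURES.items():
        if pattern in payload:
            return name
    return None

def decide(baseline, interval_rate, payload):
    """Return (verdict, reason) for one packet seen in one interval."""
    name = match_signature(payload)
    if name:
        return ("drop", "signature: " + name)
    if baseline.is_anomalous(interval_rate):
        return ("drop", "rate anomaly")
    return ("forward", "ok")

def build_baseline():
    """Benchmark built from constructed 'normal' packets-per-interval values."""
    baseline = RateBaseline()
    for rate in (100, 105, 98, 102, 95):
        baseline.learn(rate)
    return baseline
```

A flood of otherwise ordinary requests is caught only by the rate check, while a single low-rate packet carrying a known pattern is caught only by the signature check, which is why the two approaches complement each other.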