What is an Intrusion Prevention System (IPS)?

Questions and answers about computer security.

An Intrusion Prevention System (IPS) is a device or software that can both detect and prevent intrusion attempts against your network or hosts.

Intrusion Prevention Systems evolved from Intrusion Detection Systems (IDS).

An IDS could only detect intrusion attempts and alert the administrator when one occurred.

But there was a need for protection from such attempts, as alerting alone doesn't solve the problem of intrusion. This led vendors to create IPS, which not only alert the administrator to intrusion attempts but also prevent such attacks from happening.

Intrusion Prevention Systems are more advanced than firewalls. Firewalls normally make decisions based on ports, IP addresses, etc. An Intrusion Prevention System, on the other hand, can make decisions based on the content of the data flowing across the network.

As with IDS, there are two types of IPS available. Network-based IPS are in most cases hardware devices that sit at the network choke point and provide intrusion protection to the whole network. Host-based IPS, on the other hand, are software systems (or agents, to be more precise) that sit on individual hosts and protect those hosts from intrusion attempts.

There are also two types of IPS based on the method they use to provide protection. The first is the rate-based IPS. This type of IPS learns and benchmarks the normal traffic on the network where it is installed, and then identifies traffic that is not usual for that network.

This type of protection is also known as behavior-based protection as the behavior of the traffic is monitored for any deviation from the benchmark that has been set. These types of systems are also sometimes identified as anomaly-based IPS.

Content-based IPS, on the other hand, look at the contents of each and every packet that traverses the IPS and make decisions based on that. A content-based Intrusion Prevention System is often known as a signature-based IPS. These systems contain a database of known intrusion signatures; each packet is compared against that database, and decisions are made based on the comparison.
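The sketch below is an added example, not code from any IPS product: it contrasts the content-based (signature) decision with the rate-based (benchmark) decision described above. The signature patterns, the per-source keying of the baseline, the three-sigma threshold, and all sample traffic are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed signature database (illustrative patterns, not a real rule set).
SIGNATURES = {
    "sql-injection-probe": re.compile(rb"(?i)union\s+select"),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}

def content_verdict(payload: bytes):
    """Content-based check: name of the first signature found in the payload, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return name
    return None

class RateBaseline:
    """Rate-based check: learn normal packets-per-interval, flag large deviations."""
    def __init__(self, sigmas=3.0, min_samples=5):
        self.history = defaultdict(list)   # source -> observed counts (assumed keying)
        self.sigmas, self.min_samples = sigmas, min_samples

    def learn(self, src, count):
        self.history[src].append(count)

    def is_anomalous(self, src, count):
        samples = self.history.get(src, [])
        if len(samples) < self.min_samples:
            return False                   # no benchmark yet: nothing to deviate from
        mu, sigma = mean(samples), pstdev(samples)
        return count > mu + self.sigmas * max(sigma, 1.0)

def inspect(baseline, src, interval_count, payload):
    """Inline decision: ("drop", reason) or ("forward", None)."""
    sig = content_verdict(payload)
    if sig:
        return ("drop", "signature:" + sig)
    if baseline.is_anomalous(src, interval_count):
        return ("drop", "rate-anomaly")
    return ("forward", None)

if __name__ == "__main__":
    base = RateBaseline()
    for c in (100, 110, 95, 105, 90):      # constructed learning-phase counts
        base.learn("10.0.0.5", c)
    print(inspect(base, "10.0.0.5", 105, b"GET /index.html HTTP/1.1"))
    print(inspect(base, "10.0.0.5", 105, b"GET /item?id=1 UNION SELECT 1"))
    print(inspect(base, "10.0.0.5", 500, b"GET /index.html HTTP/1.1"))
```

A source with no learned baseline is forwarded by the rate check, which shows why an anomaly-based system needs a learning period before it can block anything.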

There are two further types of IPS that are available:
  • Policy-based IPS; and
  • Protocol analysis-based IPS.
