Intrusion Prevention System (IPS) is a proactive protection technology that provides security at the network level. It’s the first line of defense against malware. An organization can not protect their network with just a firewall. Additional protection is needed to avoid potential risks and attacks. An Intrusion Prevention System adds the extra layer of protection by examining all network traffic that is allowed through the firewall. Previously Intrusion Prevention Systems simply protected operating system threats or denial of service and distributed denial of service attacks. These threats exploited vulnerabilities that were mostly in the operating system stack and services. Over the years these operating system components have become more robust to where they are not prone to vulnerabilities as much. With PC use becoming more centered around users doing more on online activity, which means more dependence on web browsers and plug-ins to interact with different web sites and services. This has created opportunities for hackers to move their attacks from operating systems to exploiting vulnerabilities in applications. Now attacks are more likely to hit your web browser, document viewers, media players, etc. Most websites securities are not up to par in which easy attacks can take place on websites that users visits. These attacks can download malware on web pages that are legitimate to users. Users become infected after being tempted into visiting bad sites through means of social engineering scams, fake e-mail from friends, the bank, and messages on social networking sites. These are all examples of how easy it is to get users to visit these dangerous sites. To fight against these threats, an IPS has the smarts to protect the system against vulnerabilities. In addition the IPS scans all network traffic as well as specific browser protection.
Before deploying an Intrusion Prevention System one must understand what is going to be protected....
Please join StudyMode to read the full document