Intrusion Prevention Systems: Functions and Types

Published: July 28, 2011
Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about that activity, attempt to block or stop it, and report it. [1] Intrusion prevention systems are considered extensions of intrusion detection systems because both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent or block the intrusions they detect. [2][3] More specifically, an IPS can take actions such as sending an alarm, dropping the malicious packets, resetting the connection, and/or blocking traffic from the offending IP address. [4] An IPS can also correct Cyclic Redundancy Check (CRC) errors, defragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. [2][5]
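An added illustration, not part of the original text, of the in-line distinction and the four response actions described above: the same constructed traffic passes a passive sensor untouched but is dropped, reset or blocked by an in-line one. The signatures, the `Sensor` class and the addresses are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed signatures: (payload substring, action). Not real IPS rules.
SIGNATURES = [
    (b"EXAMPLE-RECON-PROBE", "alert"),
    (b"EXAMPLE-BAD-PAYLOAD", "drop"),
    (b"EXAMPLE-SESSION-ABUSE", "reset"),
    (b"EXAMPLE-REPEAT-OFFENDER", "block"),
]

@dataclass
class Sensor:
    inline: bool                       # True = IPS (in the traffic path), False = passive IDS
    blocked: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def inspect(self, src: str, payload: bytes) -> str:
        """Return what happens to the packet: 'forward', 'drop' or 'reset'."""
        if self.inline and src in self.blocked:
            self.log.append((src, "blocked-source"))
            return "drop"
        action = next((a for sig, a in SIGNATURES if sig in payload), None)
        if action is None:
            return "forward"
        self.log.append((src, action))          # both modes log and report
        if not self.inline or action == "alert":
            return "forward"                    # a passive sensor cannot stop traffic
        if action == "block":
            self.blocked.add(src)               # later packets from src are dropped
            return "drop"
        return action                           # 'drop' or 'reset'

def run(sensor, packets):
    return [sensor.inspect(src, payload) for src, payload in packets]

# Constructed traffic (documentation address ranges).
PACKETS = [
    ("192.0.2.10", b"GET /index.html"),
    ("192.0.2.11", b"xx EXAMPLE-RECON-PROBE xx"),
    ("198.51.100.7", b"EXAMPLE-BAD-PAYLOAD"),
    ("198.51.100.8", b"EXAMPLE-SESSION-ABUSE"),
    ("203.0.113.5", b"EXAMPLE-REPEAT-OFFENDER"),
    ("203.0.113.5", b"GET /index.html"),
]

if __name__ == "__main__":
    print("IDS:", run(Sensor(inline=False), PACKETS))
    print("IPS:", run(Sensor(inline=True), PACKETS))
```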


Intrusion prevention systems can be classified into four different types: [6][7]

  • Network-based Intrusion Prevention (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
  • Wireless Intrusion Prevention Systems (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
  • Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.
  • Host-based Intrusion Prevention (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.