An intrusion prevention system sit in-line on the network and monitors the traffic, and when a suspicious event occurs it takes action based on certain prescribed rules. An IPS is an active and real time device, unlike an Intrusion detection system which is not inline and they are passive devices. Intrusion prevention systems are considered to be the evolution of intrusion detection system.
Alternately, an Intrusion prevention system is usually a hardware device that is connected to the network. It function is to monitor the network for nay unwanted behavior and to prevent such behavior.
A Network based Intrusion prevention system (NIPS) is used to monitor the network as well as protect the confidentiality, integrity and availability of a network. Its main functions include protecting the network from Threats such as Denial OF Service and unauthorized usage.
Network based intrusion Prevention system monitors the network for malicious activity or suspicious traffic by analyzing the protocol activity. NIPS once installed in a network it is used to create Physical security zones. This in essence makes the network intelligent and it and quickly discerns good traffic from bad traffic. In other words the NIPS becomes like a prison for hostile traffic such as Trojans, worms viruses and polymorphic threats. NIPS are manufactured using high speed Application Specific Integrated Circuits (ASICS) and network processors. A Network processor is different when compared to a micro processor. Network processors are used for high speed network traffic, since they are designed to execute tens of thousands of instructions and comparisons in parallel unlike a microprocessor which executes an instruction at a time.
NIPS are considered to be extensions of the present Firewall technologies. Firewalls inspect only the first four layers of the OSI model of any packet of information flow....