Preview

Intrusion Prevention Systems: Functions and Types

Good Essays
Open Document
Open Document
467 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Intrusion Prevention Systems: Functions and Types
Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity. [1]
Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. [2][3] More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. [4] An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. [2] [5]
Contents [hide]
1 Classifications
2 Detection methods
3 See also
4 References
5 External Links
[edit]Classifications

Intrusion prevention systems can be classified into four different types:[6][7]
Network-based Intrusion Prevention (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
Wireless Intrusion Prevention Systems (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.
Host-based Intrusion Prevention (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

You May Also Find These Documents Helpful

  • Powerful Essays

    References: 267. Beijtlich, R. (n.d.). The Practice of Network Security Monitoring: understanding incident detection and response. [Books24x7 Version.…

    • 4846 Words
    • 17 Pages
    Powerful Essays
  • Satisfactory Essays

    Unit 454 Lab 4 Essay

    • 457 Words
    • 2 Pages

    Firewall sits at the boundary of a network and deny traffic that breaks its rules. However, intrusion detection system has sensors throughout the network and usually only logs rule violations and traffic inside the network. It gives view of scanning and probing attempts outside of network.…

    • 457 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    c) Logical IDS: Network and workstation mechanisms that monitors network traffic and provide real-time alarms for network-based attacks Service Network.…

    • 1152 Words
    • 4 Pages
    Satisfactory Essays
  • Powerful Essays

    ITNE455-1204A-01 U3GP3

    • 5030 Words
    • 21 Pages

    Bradley, Tony, (2012). Introduction to Intrusion Detections Systems (IDS). Retrieved September 5, 2012 from http://netsecurity.about.com/cs/hackertools/a/aa030504.htm…

    • 5030 Words
    • 21 Pages
    Powerful Essays
  • Powerful Essays

    A(n) ____ is a hardware device or software program that inspects packets going into or out of a network or computer and then discards or forwards those packets based on a set of rules.…

    • 817 Words
    • 4 Pages
    Powerful Essays
  • Better Essays

    Nt1310 Unit 3 Assignment 1

    • 3788 Words
    • 16 Pages

    Applications that use the Internet can have weaknesses when it comes to updates. Usually vendors will release patches to address some of these weaknesses when they are discovered. For some reason the full patch is not installed this now makes the application vulnerable. When the user downloads a document, media file, or even just a HTML page on this un-patched system the system can be compromised. With this happening this can cause more malware to be downloaded making the overall system worse. With the IPS in place the patches with the vulnerable application can be scanned by network traffic for patterns with the IPS it will help you will data about the network on a regular basis to see what is going on. With the IPS in place we will have the control to set it up with all the policy’s that are needed to help fight against any…

    • 3788 Words
    • 16 Pages
    Better Essays
  • Better Essays

    Implementing the installation of an IDS or IPS will allow for suspicious traffic to be flagged and reported to administrators based on one of two different factors. These factors are signature based or anomaly based depending on how they are configured.…

    • 1279 Words
    • 6 Pages
    Better Essays
  • Good Essays

    RLOT2 Task 2 B rev 1

    • 569 Words
    • 2 Pages

    Defense in Depth provides the university several layers of protection. Starting at the endpoints, host intrusion protection (HIPS), should be installed on each Device. Properly installed, HIPS will not permit the installation of unauthorized programs. This was the root cause of the (D)DoS recently experienced. At the routers access control lists (ACLs) must be put in place to allow only traffic with a legitimate protocol and destination. Between the routers and the endpoint a firewall solution must be put in place. The firewall must be configured to allow only allowed protocols and port numbers to communicate with specific destinations. Between the firewall and endpoint a (D)DoS a detection tool (such as Arbor’s Prevail) must be put in place. This measure not only allows for quick detection of (D)DoS it also permits the automatic mitigation of the…

    • 569 Words
    • 2 Pages
    Good Essays
  • Good Essays

    Cs150 Unit 3 Assignment

    • 498 Words
    • 2 Pages

    In a Denial-of-Service (DoS) attack, a malicious client (the attacker) performs operations designed to partially or completely prevent legitimate clients from gaining service from a server (the victim). (Brustoloni, N.D.) To defend your system from DoS attacks it typically involves the use of a combination of attack detection software, aiming to block traffic that is identified as illegitimate and allow all traffic that is identified as legitimate. Some traffic classification and response tools are Firewalls, Switches, Routers, Application front end hardware, IPS based prevention, DDS based…

    • 498 Words
    • 2 Pages
    Good Essays
  • Powerful Essays

    Riordan Security Issues

    • 1371 Words
    • 6 Pages

    Shaw, R. (2009). Intrusion prevention systems market trends. Faulkner Information Services. Retrieved September 22, 2009, from…

    • 1371 Words
    • 6 Pages
    Powerful Essays
  • Good Essays

    NT2580 Project part 1

    • 562 Words
    • 3 Pages

    i. With this security plan being implemented, you can monitor inbound IP traffic anomalies and prevent malicious-intent traffic that may try to intrude and harm your system.…

    • 562 Words
    • 3 Pages
    Good Essays
  • Better Essays

    Hardware can be used to protect the network from outside threats. Intrusion detection systems (IDS) automate detection of threats and attack through traffic analysis. Cisco’s IDS “delivers a comprehensive, pervasive security solution for combating unauthorized intrusions, malicious Internet worms, along with bandwidth and e-Business application attacks” (Cisco Systems, 2007, Cisco Intrusion Detection). They take this one-step further with an intrusion prevention systems (IPS). IPS shifts the focus on the attacker, not the attack itself, by increasing the accuracy of threat prevention through global threat analysis (Cisco Systems, 2012, Intrusion Prevention System with Global Correlation). The Cisco Adaptive Security Appliances (ASA) “combines the industry 's most deployed stateful inspection firewall with…

    • 890 Words
    • 4 Pages
    Better Essays
  • Satisfactory Essays

    Lab 4

    • 342 Words
    • 2 Pages

    Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.…

    • 342 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    NT2580

    • 526 Words
    • 5 Pages

    NT2580 Introduction to Information Security Unit 2 Application of Security Countermeasures to Mitigate Malicious Attacks © ITT Educational Services, Inc. All rights reserved. Learning Objective Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure. NT2580…

    • 526 Words
    • 5 Pages
    Satisfactory Essays
  • Powerful Essays

    Lab 12

    • 3059 Words
    • 13 Pages

    In this lab you will use the Wireshark packet analyzer to capture and display the control information and data stored in packets transmitted over a network. Wireshark collects network traffic data and creates files that display packet header information in a layered format like that used by the Internet model. These layers can be expanded to view details that may prove helpful in determining the source of problems that your network might be experiencing. Creating filters that hide unwanted data and facilitate data analysis will also be discussed in this lab.…

    • 3059 Words
    • 13 Pages
    Powerful Essays