Intrusion Prevention System

Intrusion Prevention Systems (IPS) are Intrusion Detection Systems (IDS) that, beyond merely generating events, provide capabilities that can ward off a specific attack.

However, the term was originally coined by marketing, which has led to partly conflicting ideas about the extent to which one can speak of an Intrusion Prevention System.

The following characteristics are often highlighted as attributes of a network-based IPS:

  • The IPS is deployed in-line (in the transmission path) and can interrupt or modify the data stream when an alarm is raised.
  • The IPS has modules that actively influence the rules of firewall systems, so that the data stream is interrupted or changed indirectly.

There are different types of IPS, according to their mode of operation:

  • The HIPS (host-based IPS) runs on the computer where the intrusion is to be prevented.
  • The NIPS (network-based IPS), on the other hand, monitors the network traffic in order to protect the connected computers from intruders.
  • The CBIPS (content-based IPS) examines the content of the transferred data for potentially hazardous components.
  • The Protocol Analysis IPS analyzes transfers at the protocol level, looking for possible attack patterns.
  • The RBIPS (rate-based IPS) monitors the type and amount of traffic in order to initiate network-level countermeasures.
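The rate-based type can be illustrated with a small sketch. This is an added example, not code from any of the products named on this page: it counts new connections per source in a sliding window and, once a limit is exceeded, interrupts that source's traffic for a fixed time. The thresholds, the function name and the sample events are assumptions made for the illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10   # assumed sliding-window length in seconds
MAX_CONN = 5    # assumed limit of new connections per source and window
BLOCK_S = 60    # assumed duration of the countermeasure in seconds


def rate_based_ips(events):
    """Take (timestamp, source) events in time order and return
    (timestamp, source, action) decisions: pass, block or drop."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    blocked_until = {}            # source -> time at which its block expires
    decisions = []
    for ts, src in events:
        # A source under an active countermeasure is dropped in-line.
        if blocked_until.get(src, 0) > ts:
            decisions.append((ts, src, "drop"))
            continue
        window = recent[src]
        window.append(ts)
        # Forget connections that have left the sliding window.
        while window and window[0] <= ts - WINDOW_S:
            window.popleft()
        if len(window) > MAX_CONN:
            # Limit exceeded: raise the alarm and start the countermeasure.
            blocked_until[src] = ts + BLOCK_S
            window.clear()
            decisions.append((ts, src, "block"))
        else:
            decisions.append((ts, src, "pass"))
    return decisions


# Constructed sample traffic (documentation addresses): one source opens a
# connection every second, another connects once, the first returns at t=70.
SAMPLE = sorted(
    [(t, "192.0.2.10") for t in range(8)]
    + [(3, "198.51.100.7"), (70, "192.0.2.10")]
)

if __name__ == "__main__":
    for decision in rate_based_ips(SAMPLE):
        print(decision)
```

In a deployment that is not in-line, the "block" decision would instead be handed to a firewall as a temporary rule, which is the indirect interruption described in the list of attributes above.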

Examples of open-source implementations of IPS are Snort, Untangle NIPS or Lokkit.