Thursday, February 27, 2020

IPS: Intrusion Prevention System

IPS classification

IPS can be classified in different ways: on the one hand by the method used to detect threats, and on the other by the technology that implements them.

Classification according to the detection method:

Signature-based IPS: these keep a database of "signatures", that is, known patterns of attacks against a device or a network. This information is loaded onto the device that performs the detection so that, by searching for a match, it can establish whether or not a possible attack is under way and react accordingly.

Anomaly-based IPS: also known as "profile"-based, this approach attempts to identify behavior that deviates from what has been predefined, in some way, as the "normal performance" of a device or a network. To establish that baseline behavior, heavy statistical analysis of traffic indicators is used.

Policy-based IPS: security policies must be declared very specifically. The IPS recognizes the traffic defined by the established profile and allows or discards data packets, so it acts much like a firewall.

Honeypot-based IPS: it uses equipment configured so that, at first glance, it appears vulnerable and attractive to an attacker, so that when attacks occur they leave evidence of the attacker's way of acting, which can subsequently be used to implement security policies.
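The two main detection methods above, signature matching and anomaly detection against a statistical profile, side by side in a toy engine. This is an added example, not code from the original post; the signature names, patterns, traffic and baseline counts are all constructed for illustration.

```python
import re
import statistics
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes


# Constructed signature database (hypothetical names and patterns): each entry is a
# known attack pattern the IPS searches for in the payload, as described in the post.
SIGNATURES = {
    "sqli_union_probe": re.compile(rb"(?i)union\s+select"),
    "path_traversal": re.compile(rb"\.\./\.\./"),
}


def signature_check(pkt: Packet) -> list[str]:
    """Signature-based detection: names of the signatures found in the payload."""
    return [name for name, pat in SIGNATURES.items() if pat.search(pkt.payload)]


def build_profile(baseline_counts: list[int]) -> tuple[float, float]:
    """Anomaly-based detection, step 1: learn 'normal' from historical per-minute
    packet counts (mean and population standard deviation)."""
    return statistics.mean(baseline_counts), statistics.pstdev(baseline_counts)


def anomaly_check(profile: tuple[float, float], observed: int, k: float = 3.0) -> bool:
    """Step 2: flag an observation more than k standard deviations above the mean.
    A flat baseline (sd == 0) means any increase counts as a deviation."""
    mean, sd = profile
    if sd == 0:
        return observed > mean
    return (observed - mean) / sd > k


def decide(pkt: Packet, profile: tuple[float, float], observed_rate: int) -> tuple[str, list[str]]:
    """Combine both methods: return the action taken and the reasons behind it."""
    reasons = signature_check(pkt)
    if anomaly_check(profile, observed_rate):
        reasons.append(f"rate_anomaly:{observed_rate}/min")
    return ("drop" if reasons else "allow"), reasons


if __name__ == "__main__":
    normal = build_profile([100, 110, 95, 105, 90, 100])  # constructed baseline
    benign = Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1")
    probe = Packet("10.0.0.9", 80, b"GET /page?id=1 UNION SELECT 1,2 HTTP/1.1")
    print(decide(benign, normal, 108))  # ('allow', [])
    print(decide(probe, normal, 140))   # ('drop', ['sqli_union_probe', 'rate_anomaly:140/min'])
```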

Classification according to its technology:

Host-based IPS: monitors the characteristics of a particular network device to detect activity within it. Among the features it monitors are wired or wireless network traffic, system logs, user access, process execution and file modifications; the countermeasures it launches also act only on the host on which it runs. This type of IPS is frequently used to protect servers and devices running applications that require uninterrupted service.

Network-based IPS: with this technology, traffic flowing through particular network segments is monitored, and network-, transport- and application-layer protocols are analyzed to identify suspicious activity. It is characterized by real-time analysis of (wired or wireless) traffic packets in search of patterns that may indicate some type of attack. For detecting intruders coming from untrusted networks, a recommended solution is for the IPS to reside together with the firewall on the same device.
