Tuesday, March 3, 2020

Intruder Prevention System (IPS)

IPSs represent a significant improvement over traditional firewall technologies because they make access control decisions based on traffic content rather than on IP addresses or ports. Some time later, some IPSs were marketed by the company One Secure, which was eventually acquired by NetScreen Technologies, which in turn was acquired by Juniper Networks in 2004. Because IPSs were direct extensions of IDS systems, the two remain closely related.



Functioning


The main functions of an IPS include not only identifying malicious activity but also attempting to stop it.

The administrator must be alerted when intrusions or malicious activity are detected, but only an Intruder Prevention System (IPS) establishes security policies to protect the computer or the network from an attack. That is, an IPS protects a network or computer proactively, while an IDS does so reactively.



IPSs are classified into four different types:

1. Network-based LAN (NIPS): Monitors the LAN for suspicious traffic by analyzing LAN communication protocol activity.

2. Wireless Network Based (WIPS): Monitors the wireless network for suspicious traffic by analyzing wireless communication protocol activity.

3. Network Behavior Analysis (NBA): Examines network traffic to identify threats that generate unusual traffic, such as denial of service attacks, certain forms of malware and network policy violations.

4. Host-based (HIPS): Implemented by installing software packages that monitor a single host for suspicious activity.



Intrusion detection and prevention systems are also categorized by the way they detect malicious traffic:

Signature-based detection: as an antivirus does.

Policy-based detection: IPS requires security policies to be declared very specifically.

Detection based on anomalies: depending on the pattern of normal traffic behavior.
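The three detection methods above, applied to constructed flow records, as an added example that is not part of the original post. The signature IDs, the allowed-port policy, the baseline rates and the `inspect` function are assumptions made for illustration; `inline=True` models an IPS that blocks, `inline=False` an IDS that only alerts.

```python
from statistics import mean, stdev

# Constructed sample values (assumptions, not taken from any real product)
SIGNATURES = {
    "sig-001": b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE",  # marker from the EICAR test file
    "sig-002": b"/etc/passwd",
}
ALLOWED_PORTS = {53, 80, 443}                    # explicitly declared policy
BASELINE_PPS = [40, 42, 38, 45, 41, 39, 44, 43]  # "normal" packets per second

def signature_match(payload):
    """Signature-based: search for known-bad byte patterns, as an antivirus does."""
    return [sid for sid, pattern in SIGNATURES.items() if pattern in payload]

def policy_violation(dst_port):
    """Policy-based: anything the declared policy does not allow is a violation."""
    return dst_port not in ALLOWED_PORTS

def is_anomalous(pps, baseline=BASELINE_PPS, threshold=3.0):
    """Anomaly-based: rate deviates more than `threshold` std devs from normal."""
    mu, sigma = mean(baseline), stdev(baseline)
    return abs(pps - mu) > threshold * sigma

def inspect(flow, inline=True):
    """Return (action, reasons); a flow with no findings is allowed."""
    reasons = [f"signature:{sid}" for sid in signature_match(flow["payload"])]
    if policy_violation(flow["dst_port"]):
        reasons.append(f"policy:port {flow['dst_port']} not allowed")
    if is_anomalous(flow["pps"]):
        reasons.append(f"anomaly:{flow['pps']} pps")
    if not reasons:
        return "allow", reasons
    return ("drop" if inline else "alert"), reasons

# Constructed flow records: destination port, payload bytes, observed rate
FLOWS = [
    {"dst_port": 443, "payload": b"GET /index.html", "pps": 43},
    {"dst_port": 80, "payload": b"file: EICAR-STANDARD-ANTIVIRUS-TEST-FILE", "pps": 40},
    {"dst_port": 23, "payload": b"login:", "pps": 41},
    {"dst_port": 53, "payload": b"", "pps": 900},
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow["dst_port"], inspect(flow), inspect(flow, inline=False)[0])
```

The anomaly detector depends entirely on the quality of the baseline: with the constructed rates here, 48 pps still passes while 50 pps is flagged.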



