An Intrusion Protection (or Prevention) System (IPS) is a newer generation of Intrusion Detection System (IDS) that addresses two weaknesses of IDS: its lack of a proactive response and its high false-positive and false-negative rates. An IPS identifies an intrusion, determines its relevance, impact and direction, analyzes the event properly, and then passes the appropriate information and commands to firewalls, switches and other network devices to mitigate the event's risk.
The key technical components of an IPS are the combination of global and local host access controls, IDS, global and local security policy, risk management software, and globally accessible consoles for managing the IPS. To reduce the false positives and false negatives typical of IDS, an IPS often uses more advanced intrusion detection techniques such as heuristic scanning, content inspection, stateful analysis and behavior analysis, in combination with traditional techniques such as signature-based detection and anomaly detection.
As with Intrusion Detection Systems (IDS), there are host-based and network-based IPS.
Host-based IPS
A host IPS relies on agents installed directly on the system being protected. It binds closely to the operating system kernel and services, monitoring and intercepting system calls to the kernel or APIs in order to prevent attacks as well as log them. It may also monitor data streams and the environment specific to a particular application (file locations and Registry settings for a Web server, for example) in order to protect that application from generic attacks for which no signature yet exists.
Network-based IPS
A network IPS combines features of a standard IDS, an IPS and a firewall, and is sometimes known as an in-line IDS or Gateway IDS (GIDS). A network-based IPS device can only prevent malicious traffic streams that actually traverse it, so to deploy one effectively it must be placed so that traffic is forced through the device. More specifically, the protected streams should represent data to and from networked computer systems where:
- A high degree of security and protection is required in a specified network area, and/or
- There is a high probability of an internal outbreak within the network area, and/or
- The deployment location effectively segments the network into the smallest areas of protection, offering the widest area of effective coverage.
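The following is an added example, not code from the original page, showing in miniature how an in-line network IPS combines the techniques named above: stateful tracking of new-connection attempts per source (an anomaly/behavior check), content inspection of payloads against signatures, and, on a hit, a block verdict plus the command an IPS would push to an upstream firewall. The packet dictionary layout, the two signature patterns, the rate threshold and the ACL-style `deny` command string are all constructed for this example; the sample packets are likewise constructed. Because it is in-line, the engine only ever sees (and can only block) packets that are handed to `inspect`, which is the deployment constraint described above.

```python
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed sample signatures (name, pattern applied to the payload bytes).
SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./\.\./")),
    ("oversized-header", re.compile(rb"^[A-Z]+ \S{2048,}")),
]


@dataclass
class Verdict:
    action: str                 # "allow" or "block"
    reason: str = ""
    firewall_cmd: str = ""      # command an IPS would hand to an upstream firewall


class InlineIPS:
    """Toy in-line IPS: every packet passes through inspect() and gets a verdict."""

    def __init__(self, rate_limit=5, window=10):
        self.rate_limit = rate_limit          # max SYNs per source per window
        self.window = window                  # seconds
        self.syn_times = defaultdict(list)    # stateful: src -> recent SYN timestamps
        self.blocked = set()                  # sources already shunned
        self.log = []                         # (action, src, reason) for the console

    def inspect(self, pkt):
        src = pkt["src"]
        # A shunned source stays blocked until an operator clears it.
        if src in self.blocked:
            return self._block(pkt, "source previously blocked")

        # 1. Stateful / behavior check: too many new connections from one source.
        if pkt.get("flags") == "SYN":
            times = self.syn_times[src]
            times.append(pkt["ts"])
            times[:] = [t for t in times if pkt["ts"] - t <= self.window]
            if len(times) > self.rate_limit:
                return self._block(
                    pkt, f"{len(times)} SYNs in {self.window}s exceeds {self.rate_limit}")

        # 2. Signature check: content inspection of the payload.
        payload = pkt.get("payload", b"")
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                return self._block(pkt, f"signature {name}")

        self.log.append(("allow", src, ""))
        return Verdict("allow")

    def _block(self, pkt, reason):
        self.blocked.add(pkt["src"])
        # ACL-style command string, constructed for illustration.
        cmd = f"deny ip host {pkt['src']} any"
        self.log.append(("block", pkt["src"], reason))
        return Verdict("block", reason, cmd)


def run_demo():
    """Push constructed packets through the engine and return the verdict actions."""
    ips = InlineIPS(rate_limit=3, window=10)
    web = "10.0.0.80"
    packets = [
        {"ts": 0, "src": "10.0.0.5", "dst": web, "flags": "SYN", "payload": b""},
        {"ts": 1, "src": "10.0.0.5", "dst": web, "flags": "ACK",
         "payload": b"GET /index.html HTTP/1.1\r\n"},
        {"ts": 2, "src": "10.0.0.9", "dst": web, "flags": "ACK",
         "payload": b"GET /../../secret HTTP/1.1\r\n"},      # signature hit
        {"ts": 3, "src": "10.0.0.9", "dst": web, "flags": "ACK",
         "payload": b"GET /index.html HTTP/1.1\r\n"},        # already shunned
        {"ts": 4, "src": "10.0.0.7", "dst": web, "flags": "SYN", "payload": b""},
        {"ts": 5, "src": "10.0.0.7", "dst": web, "flags": "SYN", "payload": b""},
        {"ts": 6, "src": "10.0.0.7", "dst": web, "flags": "SYN", "payload": b""},
        {"ts": 7, "src": "10.0.0.7", "dst": web, "flags": "SYN", "payload": b""},  # 4th > 3
    ]
    return [ips.inspect(p).action for p in packets]


if __name__ == "__main__":
    print(run_demo())
```

The shun-on-first-hit behaviour in `_block` is deliberately aggressive to keep the example short; it also illustrates why false positives matter more for an IPS than an IDS, since a bad signature here does not just raise an alert but cuts a host off.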

IPS: Intrusion Protection (Prevention) System
Related Terms: Firewall, Intrusion Detection System (IDS), heuristic scanning, content inspection, stateful analysis, behavior analysis, signature detection, anomaly detection
