What Is An Intrusion Prevention System?

Date First Published: 14th June 2023

Topic: Cybersecurity

Subtopic: Security Mechanisms & Technologies

Article Type: Computer Terms & Definitions

Difficulty: Medium

Difficulty Level: 7/10

Learn what an intrusion prevention system is in this article.

An intrusion prevention system (IPS), also known as an intrusion detection and prevention system, is a security system that protects an organisation's network from malicious activity. It logs and monitors all network traffic, watching for signs of an attack, and when malicious activity is detected it blocks the traffic to stop the threat. Examples of threats that an IPS can detect include DDoS attacks, viruses, worms, and other exploits.

Detection Methods

An IPS uses three detection methods:

  • Signature-based detection - This compares data packet flows against a database of known attack signatures. If a flow matches a signature, the IPS takes action.
  • Anomaly-based detection - This compares observed traffic against a baseline of normal behaviour and uses heuristics to flag unusual network activity before it does real harm to the network.
  • Policy-based detection - Administrators manually configure security policies for the IPS. When any activity violates a security policy, the IPS alerts the administrator and takes action.
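To make the three methods concrete, here is an added example (not code from the original article) that runs a constructed set of flow records through a signature matcher, a volume-based anomaly detector trained on a baseline, and a handful of administrator policies. The signature patterns, the policy rules, the IP ranges and the flow sizes are all illustrative placeholders, not a real signature database or a real network.

```python
import re
import statistics
from dataclasses import dataclass


# Constructed flow record (not captured from a real network): one record per
# observed flow, carrying only the fields the three detectors need.
@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    bytes: int
    payload: bytes = b""


# --- 1. Signature-based: match payloads against known attack patterns.
# Illustrative placeholder patterns, not a real signature database.
SIGNATURES = {
    "sqli-union-select": re.compile(rb"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}


def signature_detect(flow):
    """Return the names of every signature that matches the flow's payload."""
    return [name for name, pat in SIGNATURES.items() if pat.search(flow.payload)]


# --- 2. Anomaly-based: compare each flow's size against a learned baseline.
class AnomalyDetector:
    def __init__(self, k=3.0):
        self.k = k          # how many standard deviations above normal is "unusual"
        self.mean = None
        self.stdev = None

    def train(self, baseline_flows):
        sizes = [f.bytes for f in baseline_flows]
        self.mean = statistics.mean(sizes)
        self.stdev = statistics.pstdev(sizes) or 1.0  # avoid a zero-width band

    def detect(self, flow):
        # Flag a flow whose size exceeds the baseline by more than k deviations.
        if flow.bytes > self.mean + self.k * self.stdev:
            return [f"volume-anomaly:{flow.bytes}B"]
        return []


# --- 3. Policy-based: rules written by the administrator (hypothetical examples).
POLICIES = [
    ("no-telnet", lambda f: f.dport == 23),
    ("guest-vlan-no-smb", lambda f: f.src.startswith("10.99.") and f.dport == 445),
]


def policy_detect(flow):
    """Return the names of every policy the flow violates."""
    return [name for name, violates in POLICIES if violates(flow)]


def inspect(flow, anomaly):
    """Run all three detectors; an empty list means the flow looks clean."""
    return signature_detect(flow) + anomaly.detect(flow) + policy_detect(flow)


# Constructed baseline of normal traffic: twenty HTTP flows of 1000-1200 bytes.
BASELINE = [Flow(f"10.0.0.{i}", "10.0.1.5", 80, "tcp", 1000 + 50 * (i % 5))
            for i in range(1, 21)]

# Constructed flows to inspect: one clean, one per detection method, plus a policy hit.
SAMPLE = [
    Flow("10.0.0.7", "10.0.1.5", 80, "tcp", 1200, b"GET /?id=1 HTTP/1.1"),
    Flow("10.0.0.8", "10.0.1.5", 80, "tcp", 1300, b"GET /?id=1 UNION SELECT a,b FROM t"),
    Flow("10.0.0.9", "10.0.1.5", 80, "tcp", 90000, b"POST /upload"),
    Flow("10.99.3.4", "10.0.1.20", 445, "tcp", 900, b"\xffSMB"),
    Flow("10.0.0.10", "10.0.1.30", 23, "tcp", 500, b"login:"),
]


def run_sample():
    """Train the anomaly detector on the baseline and inspect every sample flow."""
    det = AnomalyDetector()
    det.train(BASELINE)
    return {f.src: inspect(f, det) for f in SAMPLE}


if __name__ == "__main__":
    for src, findings in run_sample().items():
        print(src, "CLEAN" if not findings else findings)
```

Note that each detector catches a different flow: the signature matcher needs the attack to be already known, the anomaly detector only needs the traffic to look different from the baseline (the 90 KB upload), and the policy rules catch traffic that is not an attack at all but is simply not allowed (Telnet, SMB from the guest range).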

Packet Inspection

The IPS carries out real-time packet inspection, deeply inspecting every packet travelling across the network. If suspicious packets are detected, the IPS can take one or more of the following actions:

  • Terminate the TCP session that has been exploited, block any traffic from the offending source IP address or user account, and discard the malicious packets.
  • Remove any threats that stay on the network after an attack, like worms.
  • Reconfigure the firewall to prevent a similar attack from happening in the future.

Types Of Intrusion Prevention Systems

Below are five types of intrusion prevention systems:

  • Network intrusion prevention system - These are installed to monitor all network traffic and scan it for threats.
  • Host intrusion prevention system - Installed on an individual device and monitors only the inbound and outbound traffic of that device, giving network administrators a bit more control and flexibility. Often used in combination with network intrusion prevention systems.
  • Protocol-based intrusion prevention system - Placed in front of a server and monitors the traffic flowing to and from it.
  • Hybrid intrusion prevention system - Combines two or more of the above types.
  • Wireless intrusion prevention system - Scans for and prevents unauthorised access to wireless networks and other information assets by wireless devices.

Difference Between An Intrusion Prevention System, An Intrusion Detection System, And A Firewall

An intrusion prevention system (IPS) is more advanced than an intrusion detection system (IDS). An IDS can only detect malicious activity and threats; it takes no action against them other than notifying the administrators. This means that administrators must take manual action after being notified by the IDS, while the network is still under attack. The role of an IPS is to take action itself to prevent threats once they are detected, rather than only detecting and recording them. It has the same detection functionality as an IDS. An IDS simply monitors traffic, whilst an IPS actually controls it.

However, an IPS can be prone to false positives, and a false positive from an IPS is more serious than one from an IDS: the IPS blocks the traffic outright, whereas an IDS only flags it as malicious.

An IPS is also more advanced than a firewall. A firewall simply blocks and filters traffic based on the source, ports, and IP addresses. An IPS compares traffic patterns to signatures, allows or blocks the traffic based on signature matches, and notifies an administrator. A firewall is a complementary technology to an IPS. Another difference is that an IDS/IPS is used by organisations and rarely on home networks or for personal use, whilst a firewall is also used by individuals.
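The following added example (not code from the original article) models the same sensor running in IDS mode and in IPS mode, using the response actions from the Packet Inspection section above (discard the packet, terminate the session, block the offending source). It also shows why a false positive matters more on an IPS. The packets, session identifiers and addresses are constructed, and the single signature is a deliberately over-broad placeholder that matches the word "exploit" anywhere in a payload, so it also fires on a harmless blog post.

```python
import re
from dataclasses import dataclass


# Constructed packet (not a real capture). "session" is a hypothetical TCP
# session identifier standing in for the 4-tuple a real sensor would track.
@dataclass
class Packet:
    src: str
    dst: str
    session: str
    payload: bytes


# Deliberately over-broad placeholder signature, not a real IPS rule: it matches
# the word "exploit" anywhere, which is what produces the false positive below.
SIGNATURE = re.compile(rb"exploit", re.IGNORECASE)


class Sensor:
    def __init__(self, mode):
        assert mode in ("ids", "ips")
        self.mode = mode
        self.alerts = []             # what the administrator is notified about
        self.blocked_ips = set()     # stands in for "reconfigure the firewall"
        self.killed_sessions = set()  # terminated TCP sessions
        self.delivered = []          # packets that reached their destination

    def handle(self, pkt):
        """Process one packet and return 'delivered' or 'dropped'."""
        # IPS only: traffic from an already-blocked source or a terminated
        # session never gets through, whether or not it matches anything.
        if self.mode == "ips" and (pkt.src in self.blocked_ips
                                   or pkt.session in self.killed_sessions):
            return "dropped"
        if SIGNATURE.search(pkt.payload):
            self.alerts.append((pkt.src, pkt.session))
            if self.mode == "ips":
                # IPS response: discard the packet, terminate the session,
                # and block further traffic from the offending source.
                self.killed_sessions.add(pkt.session)
                self.blocked_ips.add(pkt.src)
                return "dropped"
        # IDS: flag it and let it through. IPS: clean traffic passes.
        self.delivered.append(pkt)
        return "delivered"


# Constructed traffic: a suspicious request in session s1, a later clean request
# from the same source, and an unrelated legitimate post that happens to contain
# the word "exploit".
PACKETS = [
    Packet("203.0.113.5", "10.0.1.5", "s1", b"GET /index.html"),
    Packet("203.0.113.5", "10.0.1.5", "s1", b"GET /cgi-bin/exploit.cgi"),
    Packet("203.0.113.5", "10.0.1.5", "s2", b"GET /about.html"),
    Packet("198.51.100.9", "10.0.1.5", "s3", b"POST /blog title=Why+the+exploit+movie+is+bad"),
]


def run(mode):
    """Run every constructed packet through a sensor in the given mode.

    Returns (per-packet verdicts, number of alerts raised, sorted blocked IPs).
    """
    sensor = Sensor(mode)
    verdicts = [sensor.handle(p) for p in PACKETS]
    return verdicts, len(sensor.alerts), sorted(sensor.blocked_ips)


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdicts, alerts, blocked = run(mode)
        print(mode.upper(), verdicts, "alerts:", alerts, "blocked:", blocked)
```

In IDS mode every packet is delivered and the administrator receives two alerts to investigate. In IPS mode the second packet is discarded, the rest of that source's traffic is blocked, and the blog post from 198.51.100.9 is blocked too: the same false positive that is a nuisance alert on an IDS becomes an outage for a legitimate user on an IPS, which is why signatures deployed in blocking mode need to be tuned carefully.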
