What is an IDPS or Intrusion Detection and Prevention System?
An Intrusion Prevention System (IPS), also known as an Intrusion Detection and Prevention System (IDPS), is a network security appliance that monitors network and system activities and detects possible intrusions. It can also prevent intrusions by blocking or stopping the activity, logging information about it, and reporting it.
An IDPS is an extension of the Intrusion Detection System (see "What is IDS and how does it work?"). It can detect intrusions as well as prevent them by sending an alarm, dropping a malicious network packet, resetting the connection, or blocking traffic from an offending IP address.
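The four responses listed above differ mainly in scope: one packet, one connection, or every packet from a source. The following simulation is an added example, not code from the original page or from any IDPS product; the `EXAMPLE-*` payload markers, the rule table, and the `InlineIPS` class are hypothetical, and the packets are constructed using documentation-range addresses.

```python
from dataclasses import dataclass, field

# Constructed payload markers mapped to a response action; not real signatures.
RULES = [(b"EXAMPLE-PROBE", "alert"),        # raise an alarm, still forward
         (b"EXAMPLE-BAD-PKT", "drop"),       # discard only the matching packet
         (b"EXAMPLE-BAD-SESSION", "reset"),  # tear down this one connection
         (b"EXAMPLE-ATTACKER", "block")]     # refuse further traffic from the source

@dataclass
class InlineIPS:
    blocked_ips: set = field(default_factory=set)
    reset_conns: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def handle(self, src, sport, dst, dport, payload):
        """Return the verdict for one packet and log every non-forward decision."""
        conn = (src, sport, dst, dport)
        if src in self.blocked_ips:
            return self._record("drop", conn, "source address is blocked")
        if conn in self.reset_conns:
            return self._record("drop", conn, "connection was reset")
        for marker, action in RULES:
            if marker in payload:
                if action == "reset":
                    self.reset_conns.add(conn)
                elif action == "block":
                    self.blocked_ips.add(src)
                return self._record(action, conn, "matched " + marker.decode())
        return "forward"

    def _record(self, verdict, conn, reason):
        self.log.append((verdict, conn, reason))
        return verdict

def run_sample():
    """Run constructed packets (documentation-range addresses) through the engine."""
    packets = [("192.0.2.10", 40000, b"GET / HTTP/1.1"),
               ("192.0.2.10", 40000, b"EXAMPLE-PROBE"),
               ("192.0.2.10", 40000, b"EXAMPLE-BAD-PKT"),
               ("192.0.2.10", 40000, b"GET /next HTTP/1.1"),   # drop was per packet
               ("192.0.2.20", 40001, b"EXAMPLE-BAD-SESSION"),
               ("192.0.2.20", 40001, b"more data"),            # same connection: dropped
               ("192.0.2.20", 40002, b"GET / HTTP/1.1"),       # new connection: allowed
               ("192.0.2.30", 40003, b"EXAMPLE-ATTACKER"),
               ("192.0.2.30", 40009, b"GET / HTTP/1.1")]       # any port: dropped
    ips = InlineIPS()
    verdicts = [ips.handle(s, p, "198.51.100.5", 80, data) for s, p, data in packets]
    return verdicts, ips
```

A production IPS enforces a reset by sending TCP RST segments to both endpoints; here the reset is modelled only as state, so that the difference in scope between the responses is visible in the verdicts.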
What are the different types of IDPS?
IDPS can be of four different types:
- Network-based Intrusion Prevention System
- Wireless Intrusion Prevention System
- Network Behavior Analyst
- Host-based Intrusion Prevention System
Network-based Intrusion Prevention System – A Network-based Intrusion Prevention System or NIPS monitors the inbound and outbound network traffic and detects and prevents intrusions by analyzing network protocol activities.
Wireless Intrusion Prevention System – A Wireless Intrusion Prevention System or WIPS monitors a wireless network, analyzes the activities, detects suspicious activities, and prevents them.
Network Behavior Analyst – A Network Behavior Analyst or NBA monitors the inbound and outbound network traffic for suspicious activities. It monitors unusual traffic flows and detects Distributed Denial of Service (DDoS) attacks. It also looks for certain forms of malware and policy violations and prevents them.
Host-based Intrusion Prevention System – A Host-based Intrusion Prevention System or HIPS is a software package installed in a host. It monitors the activities of a single host and detects and prevents malicious activities.
How does an IDPS detect intrusions?
There are three methods by which an IPS can detect intrusions: