System
Group 6
Cevallos Cedeo Vicente
Espinoza Robles Ingrid
Feraud Freire James
Yanez Escobar Alcbar
What is IPS
An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Terminology
Vulnerability
Objectives
The main objectives of an
IPS Actions
An Intrusion Prevention System can perform any of the following actions when it detects malicious activity in the network:
Terminates the TCP session that is being exploited by an outsider for the attack.
Blocks the offending user account or source IP address that attempts to access the target host, application, or other resources unethically.
As soon as an IPS detects an intrusion event, it can also reconfigure or reprogram the firewall to prevent similar attacks in the future.
IPS Classifications
Intrusion prevention systems can be classified into four different types:
Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
Wireless intrusion prevention systems (WIPS): monitor a wireless network for suspicious traffic by analyzing wireless networking protocols.
Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware and policy violations.
Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
IDS:
Analyzes copies of the traffic stream
Does not slow network traffic
Allows some malicious traffic into the network
IPS:
Works inline in real time to monitor Layer 2 through Layer 7 traffic and content
Needs to be able to handle network traffic
Prevents malicious traffic from entering the network
IDS Deployment
IPS
The IPS sits inline within the network and does not just passively listen to the network like an IDS (traditionally placed as a sniffer on the network).
The IPS has the ability to immediately block intrusions, regardless of the transport protocol used and without reconfiguring an external device. This means that the IPS can filter and block packets in native mode (using techniques such as dropping a connection, dropping offending packets, blocking an intruder, etc.).
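The IDS/IPS comparison and the IPS actions listed above, as an added example that is not part of the original slides: the same sensor is run once passively on copies (IDS) and once inline (IPS) over the same constructed traffic. The signature, the addresses and the firewall rule syntax are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SIGNATURES = {"path-traversal": b"../../"}  # constructed, illustration only

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

@dataclass
class Sensor:
    inline: bool  # True: IPS in the traffic path. False: IDS fed copies.
    blocked_ips: set = field(default_factory=set)
    killed_sessions: set = field(default_factory=set)
    firewall_rules: list = field(default_factory=list)
    alerts: list = field(default_factory=list)

    def process(self, pkt):
        """Return True if the packet reaches its destination."""
        session = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if self.inline and (pkt.src in self.blocked_ips or session in self.killed_sessions):
            return False  # earlier verdict is enforced before inspection
        hit = next((n for n, s in SIGNATURES.items() if s in pkt.payload), None)
        if hit is None:
            return True
        self.alerts.append((hit, pkt.src))
        if not self.inline:
            return True  # IDS: the original packet was already delivered
        self.killed_sessions.add(session)   # terminate the exploited TCP session
        self.blocked_ips.add(pkt.src)       # block the offending source IP
        self.firewall_rules.append(f"deny ip from {pkt.src} to any")  # hypothetical rule syntax
        return False

SAMPLE = [  # constructed traffic, documentation address ranges
    Packet("203.0.113.5", 40001, "192.0.2.10", 80, b"GET /index.html"),
    Packet("198.51.100.7", 40002, "192.0.2.10", 80, b"GET /../../etc/passwd"),
    Packet("198.51.100.7", 40003, "192.0.2.10", 80, b"GET /index.html"),
    Packet("203.0.113.5", 40004, "192.0.2.10", 80, b"GET /about.html"),
]

def run(inline):
    sensor = Sensor(inline=inline)
    return sensor, [sensor.process(p) for p in SAMPLE]

if __name__ == "__main__":
    for mode in (False, True):
        print("IPS" if mode else "IDS", run(mode)[1])
```

In IDS mode every packet is delivered and only an alert is recorded; in IPS mode the matching packet and the later connection from the same source are dropped, while the unrelated client is unaffected.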