Intrusion prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion prevention system (IPS) monitors network traffic. However, because an exploit may be carried out very quickly after the attacker gains access, intrusion prevention systems also have the ability to take immediate action, based on a set of rules established by the network administrator. For example, an IPS might drop a packet that it determines to be malicious and block all further traffic from that IP address or port. Legitimate traffic, meanwhile, should be forwarded to the recipient with no apparent disruption or delay of service.
According to Michael Reed of Top Layer Networks, an effective intrusion prevention system should also perform more complex monitoring and analysis, such as watching and responding to traffic patterns as well as individual packets. "Detection mechanisms can include address matching, HTTP string and substring matching, generic pattern matching, TCP connection analysis, packet anomaly detection, traffic anomaly detection and TCP/UDP port matching."
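The two passages above describe the core IPS loop: match each packet against administrator rules, drop and block on a hit, forward everything else, and optionally watch traffic patterns rather than only single packets. The following is an added example (not code from the article or from Top Layer Networks) that models that loop inline in Python. The packets, addresses, thresholds and the `DEMO-BAD-STRING` signature are all constructed for the demonstration; real sensors would apply vendor signatures and operate on live traffic rather than an in-memory list.

```python
"""Minimal rule-driven inline IPS model (added example, not from the original article).

Each packet is checked against administrator rules in order. The first matching
rule decides: "drop" discards the packet and adds its source address to a block
list so every later packet from that source is dropped as well; "forward" passes
the packet on unchanged. Packets with no matching rule are forwarded.
All addresses, payloads and thresholds below are constructed demo values.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str            # "tcp" or "udp"
    payload: bytes = b""


@dataclass
class Rule:
    name: str
    action: str           # "drop" or "forward"
    match: Callable[[Packet], bool]


# --- detection mechanisms named in the article, as small matcher factories ---
def address_match(ips: Set[str]) -> Callable[[Packet], bool]:
    """Address matching: source IP is on an administrator-supplied list."""
    return lambda p: p.src_ip in ips


def port_match(proto: str, ports: Set[int]) -> Callable[[Packet], bool]:
    """TCP/UDP port matching: protocol and destination port on a list."""
    return lambda p: p.proto == proto and p.dst_port in ports


def substring_match(needle: bytes) -> Callable[[Packet], bool]:
    """String/substring matching against the packet payload."""
    return lambda p: needle in p.payload


def packet_anomaly(max_payload: int) -> Callable[[Packet], bool]:
    """Packet anomaly detection: payload larger than the configured limit."""
    return lambda p: len(p.payload) > max_payload


def traffic_anomaly(max_packets: int) -> Callable[[Packet], bool]:
    """Traffic anomaly detection: a source exceeds a per-source packet budget.
    Stateful, so it watches a traffic pattern rather than a single packet."""
    seen: Dict[str, int] = {}

    def match(p: Packet) -> bool:
        seen[p.src_ip] = seen.get(p.src_ip, 0) + 1
        return seen[p.src_ip] > max_packets
    return match


@dataclass
class InlineIPS:
    rules: List[Rule]
    blocked_ips: Set[str] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def process(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet to forward, or None if the IPS dropped it."""
        if pkt.src_ip in self.blocked_ips:
            self.log.append(f"drop {pkt.src_ip}: source already blocked")
            return None
        for rule in self.rules:
            if rule.match(pkt):
                if rule.action == "drop":
                    self.blocked_ips.add(pkt.src_ip)   # block all further traffic from it
                    self.log.append(f"drop {pkt.src_ip}: rule {rule.name}; source blocked")
                    return None
                self.log.append(f"forward {pkt.src_ip}: rule {rule.name}")
                return pkt
        self.log.append(f"forward {pkt.src_ip}: no rule matched")
        return pkt


def build_demo_ips() -> InlineIPS:
    """Constructed rule set; the signature string and limits are placeholders."""
    return InlineIPS(rules=[
        Rule("known-bad-address", "drop", address_match({"203.0.113.7"})),
        Rule("http-demo-signature", "drop", substring_match(b"DEMO-BAD-STRING")),
        Rule("oversized-udp-payload", "drop", packet_anomaly(1400)),
        Rule("telnet-port", "drop", port_match("tcp", {23})),
        Rule("per-source-flood", "drop", traffic_anomaly(3)),   # evaluated last
    ])


def run_demo() -> Tuple[List[Packet], Set[str]]:
    """Feed constructed traffic through the IPS; return forwarded packets and block list."""
    ips = build_demo_ips()
    traffic = [
        Packet("198.51.100.10", "192.0.2.5", 80, "tcp", b"GET /index.html HTTP/1.1"),
        Packet("198.51.100.20", "192.0.2.5", 80, "tcp", b"GET /?q=DEMO-BAD-STRING HTTP/1.1"),
        Packet("198.51.100.20", "192.0.2.5", 80, "tcp", b"GET /index.html HTTP/1.1"),  # now blocked
        Packet("203.0.113.7", "192.0.2.5", 443, "tcp", b""),
        Packet("198.51.100.30", "192.0.2.5", 53, "udp", b"A" * 2000),
    ] + [Packet("198.51.100.40", "192.0.2.5", 80, "tcp", b"GET / HTTP/1.1")] * 4
    forwarded = [p for p in (ips.process(p) for p in traffic) if p is not None]
    return forwarded, ips.blocked_ips


if __name__ == "__main__":
    fwd, blocked = run_demo()
    print(f"forwarded {len(fwd)} packets; blocked sources: {sorted(blocked)}")
```

Rule order matters: the stateful flood rule sits last so that packets already dropped by a signature rule do not also count toward a source's budget, and the block list is consulted before any rule so a source that was dropped once stays dropped without re-running the matchers. In a real deployment the `drop` branch would also be where alerting and logging to a central collector happen, since the packet itself is gone.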
Broadly speaking, an intrusion prevention system can be said to include any product or practice used to keep attackers from gaining access to your network, such as firewalls and anti-virus software.
This was last updated in December 2004