- Intrusion prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion prevention system (IPS) monitors network traffic. However, because an exploit may be carried out very quickly after the attacker gains access, intrusion prevention systems also have the ability to take immediate action, based on a set of rules established by the network administrator. For example, an IPS might drop a packet that it determines to be malicious and block all further traffic from that IP address or port. Legitimate traffic, meanwhile, should be forwarded to the recipient with no apparent disruption or delay of service.
According to Michael Reed of Top Layer Networks, an effective intrusion prevention system should also perform more complex monitoring and analysis, such as watching and responding to traffic patterns as well as individual packets. "Detection mechanisms can include address matching, HTTP string and substring matching, generic pattern matching, TCP connection analysis, packet anomaly detection, traffic anomaly detection and TCP/UDP port matching."
Broadly speaking, an intrusion prevention system can be said to include any product or practice used to keep attackers from gaining access to your network, such as firewalls and anti-virus software.
 |
Learn more about Network Intrusion Prevention (IPS) |
| LAST UPDATED: |
29 May 2007
|
 |
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|

 |
More resources from around the web:
|


');
// -->


 |
 |
|  |
RELATED GLOSSARY TERMS
| Terms from Whatis.com − the technology online dictionary |
 |
Diffie-Hellman key exchange
(SearchSecurity.com)
Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses a number raised to specific powers to...
|
 |
network behavior analysis
(SearchSecurity.com)
Network behavior analysis (NBA) is a method of enhancing the security of a proprietary network by monitoring traffic and noting unusual actions or...
|
|

|