This content is part of the Essential Guide: How to conduct a next-generation firewall evaluation

intrusion prevention

Intrusion prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion prevention system (IPS) monitors network traffic. However, because an exploit may be carried out very quickly after the attacker gains access, intrusion prevention systems also have the ability to take immediate action, based on a set of rules established by the network administrator. For example, an IPS might drop a packet that it determines to be malicious and block all further traffic from that IP address or port. Legitimate traffic, meanwhile, should be forwarded to the recipient with no apparent disruption or delay of service.

According to Michael Reed of Top Layer Networks, an effective intrusion prevention system should also perform more complex monitoring and analysis, such as watching and responding to traffic patterns as well as individual packets. "Detection mechanisms can include address matching, HTTP string and substring matching, generic pattern matching, TCP connection analysis, packet anomaly detection, traffic anomaly detection and TCP/UDP port matching."

Broadly speaking, an intrusion prevention system can be said to include any product or practice used to keep attackers from gaining access to your network, such as firewalls and anti-virus software.

This was last updated in May 2007

Next Steps

Read our introduction to wireless intrusion prevention systems, by expert George V. Hulme, and learn how WIPSes protect enterprise networks from attacks. Then review his six reasons why enterprises should consider implementing a WIPS.

Expert Ed Tittle reviews the top three threat intelligence services available and explains five key criteria to consider before investing in a threat intelligence product.

In this Buyers'Guide series, learn about the basics of intrusion prevention products, including how they work, and acquisition, deployment and management best practices; get purchasing criteria for IPS products; and find out about the enterprise benefits of network intrusion prevention systems 

Learn how the top NGFWs incorporate intrusion prevention features in this Buying Decisions series feature.


Continue Reading About intrusion prevention

Dig Deeper on Network Intrusion Prevention (IPS)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.


File Extensions and File Formats