Intrusion prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion prevention system (IPS) monitors network traffic. However, because an exploit may be carried out very quickly after the attacker gains access, intrusion prevention systems also have the ability to take immediate action, based on a set of rules established by the network administrator. For example, an IPS might drop a packet that it determines to be malicious and block all further traffic from that IP address or port. Legitimate traffic, meanwhile, should be forwarded to the recipient with no apparent disruption or delay of service.
According to Michael Reed of Top Layer Networks, an effective intrusion prevention system should also perform more complex monitoring and analysis, such as watching and responding to traffic patterns as well as individual packets. "Detection mechanisms can include address matching, HTTP string and substring matching, generic pattern matching, TCP connection analysis, packet anomaly detection, traffic anomaly detection and TCP/UDP port matching."
Read our introduction to wireless intrusion prevention systems, by expert George V. Hulme, and learn how WIPSes protect enterprise networks from attacks. Then review his six reasons why enterprises should consider implementing a WIPS.
In this Buyers'Guide series, learn about the basics of intrusion prevention products, including how they work, and acquisition, deployment and management best practices; get purchasing criteria for IPS products; and find out about the enterprise benefits of network intrusion prevention systems
Learn how the top NGFWs incorporate intrusion prevention features in this Buying Decisions series feature.