Intrusion Prevention Systems
Sign in

Intrusion Prevention Systems

Information Security Professiona
An an intrusion prevention system, or IPS, improves upon the handcuffed an intrusion detection system (IDS) by responding to, and taking steps to prevent the progress of, an attack.  The most common form of reaction is dropping the suspect connection, and perhaps resetting the firewall to block future traffic from that source.  

You might be thinking, “Why is there a distinction?  Take an IDS, set it so that it takes action, and you have an IPS.”  That assessment is reasonably accurate, which is why the definitions of IDS and IPS are somewhat fluid.  The reason that IDS still exists is that the improved arsenal an IPS offers takes more computational horsepower and time.  Also, having a pre-set decision takes away the human touch, which could result in an unacceptable level of false rejections.  So in situations where you can have someone monitoring for alerts, an IDS might make sense.

Next time: Network Architecture

start_blog_img