An IPS is typically designed to operate completely invisibly on a network. IPS products do not have IP addresses for their monitoring segments and do not respond directly to any traffic. Rather, they merely silently monitor traffic as it passes. While some IPS products have the ability to implement firewall rules, this is often a mere convenience and not a core function of the product. Moreover, IPS technology offers deeper insight into network operations providing information on overly active hosts, bad logons, inappropriate content and many other network and application layer functions.
IPS - Intrusion Preventive System
IDS - Intrusion Detection System
IPS systems have some advantages over intrusion detection systems (IDS). One advantage is they are designed to sit inline with traffic flows and prevent attacks in real-time. In addition, most IPS solutions have the ability to look at (decode) layer 7 protocols like HTTP, FTP, and SMTP which provides greater awareness. When deploying NIPS however, consideration should be given to whether the network segment is encrypted or not as many products are unable to support inspection of such traffic.
Example of IPS : BlackICE Desktop (a host-IPS for end-user systems) BlackICE Guard (an in-line network IPS) and BlackICE Sentry (a passive, IDS solution).
Example of IPS : BlackICE Desktop (a host-IPS for end-user systems) BlackICE Guard (an in-line network IPS) and BlackICE Sentry (a passive, IDS solution).
References :
http://en.wikipedia.org/wiki/Intrusion_prevention_system
No comments:
Post a Comment