IPS (Intrusion Prevention System)
At present, the firewall is generally known as the security tool for network systems, but other types of security tool exist as well. In principle, a firewall works by blocking certain incoming and outgoing packets on the network, filtering them according to a predefined policy set by the network administrator. However, as an additional layer of protection, most firewalls are not capable of analyzing packets, except those that incorporate an IPS (Intrusion Prevention System) and IDS (Intrusion Detection System).
An IPS (Intrusion Prevention System) is a type of adaptive network security instrument that analyzes incoming and outgoing packets to assess the probability of threats and attacks and to respond to attacks immediately. When there is an attack, a good IPS will automatically respond according to the predefined policy or instantly notify the network administrator. For example, the IPS may drop a packet that it has analyzed as malicious and block future traffic from the malicious port or IP address. At the same time, the IPS must not interrupt or delay normal packets or clean traffic.
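The response policy described above (drop the malicious packet, block its source for the future, notify the administrator, leave clean traffic alone) can be sketched as follows. This is an added example, not code from any IPS product; the class name, signature ID, byte pattern and sample packets are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed signature set: a byte pattern standing in for a vendor attack signature.
SIGNATURES = {"SIG-0001": b"EXAMPLE-MALICIOUS-PATTERN"}

@dataclass
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes

@dataclass
class InlineIPS:
    signatures: dict
    blocked_ips: set = field(default_factory=set)
    alerts: list = field(default_factory=list)  # stands in for admin notification

    def inspect(self, pkt: Packet) -> str:
        """Return 'drop' or 'forward' for one packet."""
        # A source blocked by an earlier verdict is dropped without payload analysis.
        if pkt.src_ip in self.blocked_ips:
            return "drop"
        for sig_id, pattern in self.signatures.items():
            if pattern in pkt.payload:
                # Policy response: drop the packet, block the source, raise an alert.
                self.blocked_ips.add(pkt.src_ip)
                self.alerts.append((sig_id, pkt.src_ip, pkt.dst_port))
                return "drop"
        # No signature matched: clean traffic passes untouched.
        return "forward"

def run_sample():
    """Feed constructed packets (documentation IP ranges) through the engine."""
    ips = InlineIPS(SIGNATURES)
    traffic = [
        Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
        Packet("198.51.100.7", 80, b"xx EXAMPLE-MALICIOUS-PATTERN xx"),
        Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.1"),
        Packet("192.0.2.10", 80, b"GET /about.html HTTP/1.1"),
    ]
    return [ips.inspect(p) for p in traffic], ips

if __name__ == "__main__":
    verdicts, ips = run_sample()
    print(verdicts, ips.alerts)
```

The third packet carries a harmless payload but is still dropped, because its source was blocked by the earlier verdict.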
Nowadays, an IPS is installed to further enhance network security. Its major purpose is to stop an attack before it causes any harmful effects that existing security measures such as the firewall, antivirus and IDS (Intrusion Detection System) are not capable of preventing. The IPS was created to fill this gap. An IPS is a device with the same basic infrastructure as other network devices, but it is capable of gathering and updating attack signatures. It studies and assesses traffic patterns using complex conditions and analysis. Information about the network vulnerabilities that existed over a certain period is used to forecast possible threats and develop future prevention. Because it knows how each protocol works, the IPS can identify and filter out damaging traffic by judging whether the suspicious traffic is attacking a loophole in the protocol.
Network loopholes and new attack techniques emerge every day, allowing attackers to quickly spread worms, viruses and malware without being detected by conventional techniques that rely solely on attack signatures. However, most IPS today are HIPS (Host-based IPS), which are capable of performing checks against malicious code and catching attacks through seamless collaboration between the IPS hardware and the software installed on both the servers and the network clients. A HIPS watches server and desktop behavior at the kernel, the heart of the operating system. It is capable of shutting down malicious processes such as worms, viruses or malware, and it works together with the firewall to permanently block harmful packets or traffic.
Currently, there are many IPS products on the market, such as McAfee, Sana and Cisco products, which come with the capability to track and suppress potentially harmful behavior. In addition, they can basically trap buffer overflows, a type of loophole that could lead to operating system attacks or other kinds of future vulnerabilities.
In the future, the IPS will be the basic standard for corporate network security and may be combined with other network devices, such as switches and routers, in order to maintain the security of the network infrastructure.