|
An intrusion prevention system (a computer security term) is any device which exercises access control to protect computers from exploitation. "Intrusion prevention" technology is considered by some to be an extension of intrusion detection (IDS) technology, but it is actually another form of access control, like an application layer firewall. Intrusion prevention systems were invented independently by Jed Haile and Vern Paxson to resolve ambiguities in passive network monitoring by placing detection systems in-line. A considerable improvement upon firewall technologies, IPS make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done....
| |
| Intrusion Detection | In information security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. Intrusion detection does not in general include prevention of intrusions. Intrusion detection can be performed manually or automatically. Manual intrusion detection might take place by examining log files or other evidence for signs of intrusions. A system that performs automated intrusion detection is called an intrusion detection system (IDS). An IDS can be either host-based, if it monitors system calls or logs, or network-based, if it monitors the flow of network packets. Modern IDSs are usually a...
| |
| Protocol analyzers | A key development in IDS/IPS technologies was the use of protocol analyzers. Protocol analyzers can natively decode application-layer network protocols, like HTTP or FTP. Once the protocols are fully decoded, the IPS analysis engine can evaluate different parts of the protocol for anomalous behavior or exploits. For example, the existence of a large binary file in the User-Agent field of an HTTP request would be very unusual and likely an intrusion. A protocol analyzer could detect this anomalous behavior and instruct the IPS engine to drop the offending packets. Not all IPS/IDS engines are full protocol analyzers. Some products...
|
| Host based vs. network | * HIPS can handle encrypted and unencrypted traffic equally, because it can analyze the data after it has been decrypted on the host. * NIPS does not use processor and memory on computer hosts but uses its own CPU and memory. * NIPS is a single point of failure, which is considered a disadvantage, although this property also makes it simpler to maintain. This attribute applies to all network devices, like routers and switches, and can be overcome by implementing the network accordingly (failover path, etc.). A Bypass Switch can be implemented to alleviate the single point of...
|
| Rate based | Rate-based IPS (RBIPS) are primarily intended to prevent denial-of-service and distributed denial-of-service attacks. They work by monitoring and learning normal network behaviors. Through real-time traffic monitoring and comparison with stored statistics, RBIPS can identify abnormal rates for certain types of traffic, e.g. TCP, UDP or ARP packets, connections per second, packets per connection, packets to specific ports, etc. Attacks are detected when thresholds are exceeded. The thresholds are dynamically adjusted based on time of day, day of the week, etc., drawing on stored traffic statistics. Unusual but legitimate network traffic patterns may create false alarms....
|
|
|
Intrusion Prevention News:
May 28: Cisco revamps enterprise mobility architecture - ZDNet Asia
May 30: Cisco Appliance Makes Play for Business Mobility - EnterpriseNetworkingPlanet
May 30: Enterasys unveils multigigabit version of distributed IPS - NetworkWorld.com
May 30: Sourcefire Declines Barracuda Networks Offer - eWeek
May 30: Verizon Business Offers New Managed All-in-One Device - TMCnet
May 30: Cisco Appliance Makes Play ... - InternetNews.com
May 29: National Center for Missing & Exploited Children Selects ... - PR-Inside.com (press release)
May 29: Cisco spins new era of business mobility - Computerworld
May 29: Cisco's Business Mobility Solutions - CXOToday.com
May 28: Cisco Motion Ups the Ante in Mobile Unified Communications - UCStrategies
|