by Rich Buehrle
Posted in Business on
Intrusion prevention software and hardware are used in medium to large network configurations. These systems help monitor network and system activities for malicious activity. The idea is to identify the activity, then log the information about the activity in order to block or stop the activity, then actually block and or stop the activity, and finally report the events that were part of the attack for further review by the network administrator.
Classification of IPS
There are 4 common types of classifications for which an intrusion system can fall.
The first being NIPS or Network-based Intrusion Prevention. This monitors the entire network for unwanted traffic and activity by analyzing information that is collected about protocol activity.
WIPS or Wireless Intrusion Prevention covers the exact aim and idea behind NIPS but on a wireless level.
NBA or Network Behavior Analysis is used to protect against such threats as DDoS attacks by monitoring the network traffic for unusual traffic flows which can also be caused by malware and policy violations.
HIPS or Host-based Intrusion Prevention is the most common and is a software package installed on a system which analyzes events that happen on the host system for suspicious activity
The three most common ways intrusions are detected are listed below.
Signature based Detection uses the idea that many attacks are preconfigured and contain several "markers" that when found at the same time within the constraints of the rule that monitors it will throw a flag and trigger the program to take evasive action to prevent the attack. These help to guard against exploitation attacks as well as vulnerability attacks.
Statistical Anomaly-based Detection monitors the networks performance and compares it to a baseline created by the administrator and if the sample of the network performance falls below that the systems takes the appropriate action to solve the attack or prevent it from continuing.
Stateful Protocol Analysis Detection this also uses a predetermined protocol suite to determine if there is a deviation from the specified rules and takes actions to prevent further attacks.
All of these systems are to help detect when someone attempts to attack your network by monitoring different protocols that are setup to make sure the network runs within the specified rules. This can help with balancing the load of network traffic and helping to block DDoS attacks so that your network doesn't overload and shut down.
Karen Scarfone , KS. (2007). Guide to intrusion detection and prevention systems (idps) . NIST Special Publication, ( 800-94), Retrieved from http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
about the author
More about Rich Buehrle:
Rich is a founding member of Security Mecca. Rich is an E Biz D major with focus on Business Analysis and graduates in December 2011.
questions or comments?
If you have any questions or comments about this article, feel free to contact us!