Intrusion Prevention System

from Wikipedia, the free encyclopedia

Intrusion prevention systems (IPS) are intrusion detection systems (IDS) that, beyond merely generating events, also provide functions that can ward off a specific attack.

Function

Intrusion detection and intrusion prevention systems are tools that actively monitor data traffic to and from IT systems or networks. The goal is to filter out events that indicate attacks, attempts at abuse or security breaches. Such events should be recognized and reported promptly. The methods are based on pattern recognition, in order to signal a deviation from a normal state; heuristic methods are also meant to detect previously unknown attacks. While an IDS only detects attacks, an IPS is also supposed to fend off or prevent them. However, the term was originally coined by marketing, which has led to sometimes controversial views on the extent to which one can really speak of an intrusion prevention system. The latency introduced by an IPS inspecting the data is typically less than 100 microseconds. Another function of some OSI Layer 2-based IPS systems is the ability to keep forwarding IP frames even when the IPS itself loses power ("Zero Power High Availability").

The following characteristics are often highlighted as attributes of a network-based IPS:

  • the IPS operates inline (in the transmission path) and can interrupt or modify the data stream when an alarm is raised
  • the IPS has modules that actively influence the rules of firewall systems, so that the data stream can be interrupted or modified indirectly

There are different types of IPS depending on how they work:

  • A HIPS (host-based IPS) runs on the very computer into which intrusion is to be prevented.
  • A NIPS (network-based IPS), by contrast, monitors network traffic in order to protect the connected computers from intruders.
    • A CBIPS (content-based IPS) examines the content of the transmitted data for potentially dangerous components.
    • A protocol analysis IPS analyzes the transmissions at the protocol level and searches for possible attack patterns.
    • An RBIPS (rate-based IPS) monitors the type and volume of data traffic in order to be able to initiate network countermeasures.
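
As an added illustration (not code from the article or from any of the projects named in it), the following constructed Python simulation brings the two characteristics and the NIPS subtypes above together: an inline sensor that runs a content-based signature check and a rate-based per-source threshold over each packet, and that either drops the offending packet (IPS mode) or only records an event and forwards it (IDS mode). The packets, signatures and thresholds are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample traffic: (timestamp in seconds, source IP, payload bytes).
# Two packets carry a content signature; one host then sends a short burst.
FLOOD = [(0.30 + 0.05 * i, "10.0.0.9", b"SYN") for i in range(7)]
SAMPLE_TRAFFIC = [
    (0.00, "10.0.0.5", b"GET /index.html HTTP/1.1"),
    (0.10, "10.0.0.5", b"GET /login?user=admin' OR '1'='1 HTTP/1.1"),
    (0.20, "10.0.0.5", b"GET /../../etc/passwd HTTP/1.1"),
] + FLOOD

# Constructed content-based signatures (CBIPS): name -> byte pattern.
CONTENT_SIGNATURES = {
    "sqli-tautology": b"' OR '1'='1",
    "path-traversal": b"../../",
}


class InlineIPS:
    """Simplified inline NIPS: content-based plus rate-based inspection."""

    def __init__(self, rate_limit=5, window=1.0, prevent=True):
        self.rate_limit = rate_limit      # max packets per source per window
        self.window = window              # sliding window length in seconds
        self.prevent = prevent            # False -> IDS behaviour: alert, never drop
        self.history = defaultdict(deque) # per-source timestamps inside the window
        self.events = []                  # (ts, src, reasons) for every alert

    def inspect(self, ts, src, payload):
        reasons = [f"content:{name}" for name, pat in CONTENT_SIGNATURES.items()
                   if pat in payload]
        # Rate-based check (RBIPS): count this source's packets in the window.
        recent = self.history[src]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) > self.rate_limit:
            reasons.append("rate:flood")
        if reasons:
            self.events.append((ts, src, reasons))
        # Only an IPS (inline, prevent=True) interrupts the data stream.
        action = "drop" if (reasons and self.prevent) else "forward"
        return action, reasons


def run(traffic, prevent=True):
    """Return the per-packet verdicts and the alert list for a traffic sample."""
    ips = InlineIPS(prevent=prevent)
    verdicts = [ips.inspect(*packet)[0] for packet in traffic]
    return verdicts, ips.events
```

Running `run(SAMPLE_TRAFFIC)` drops the two signature hits and the last two packets of the burst, while `run(SAMPLE_TRAFFIC, prevent=False)` forwards everything but records the same four events.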

Examples of open source implementations of IPS are Snort, Untangle NIPS or Lokkit.

References

  1. Fraunhofer FOKUS Competence Center Public IT: The ÖFIT trend sonar in IT security. Intrusion Detection and Intrusion Prevention - Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). April 2016, archived from the original on July 6, 2016; accessed on May 26, 2016: "Intrusion detection and intrusion prevention systems are tools that actively monitor IT systems or networks. The aim is to filter out events that indicate attacks, attempts at abuse or security breaches (...). Events should be recognized and reported promptly. The methods are based on pattern recognition in order to signal a deviation from a normal state. Heuristic methods should also be used to detect previously unknown attacks. While IDS only detect attacks, IPS should also fend off or prevent them."
  2. Datasheet Tippingpoint 440T. (PDF; 160 KB) Trend Micro, accessed April 12, 2017.