Thursday, February 27, 2020

What is an IPS (Intrusion Prevention System)?

Intrusion Prevention (IPS)

The IPS usually sits directly behind the firewall and provides a complementary layer of analysis that negatively selects dangerous content. Unlike its predecessor, the Intrusion Detection System (IDS), which is a passive system that scans traffic and reports on threats, the IPS is placed inline (in the direct communication path between source and destination), actively analyzing all traffic flows entering the network and taking automated actions on them. Specifically, these actions include:



  • Sending an alarm to the administrator (as would be seen in an IDS)
  • Dropping malicious packets
  • Blocking traffic from the source address
  • Resetting the connection


As an inline security component, the IPS must work efficiently to avoid degrading network performance. It must also work fast, because exploits can happen in near real time. The IPS must also detect and respond accurately in order to eliminate threats and false positives (legitimate packets interpreted as threats).
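The four actions listed above, and the difference between an inline IPS and a passive IDS, can be shown with a small decision engine. This is an added example, not code from the original post or from any product; the signature patterns, class and function names, and the traffic sample are all constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):
    FORWARD = "forward"      # no signature matched
    ALERT = "alert"          # notify the administrator only (IDS-style)
    DROP = "drop"            # discard the malicious packet
    BLOCK_SOURCE = "block"   # drop and block further traffic from the source
    RESET = "reset"          # drop and reset the connection

# Constructed signatures (byte pattern, action); not real rule content.
SIGNATURES = [
    (b"TEST-SIG-LOW", Action.ALERT),
    (b"TEST-SIG-DROP", Action.DROP),
    (b"TEST-SIG-BLOCK", Action.BLOCK_SOURCE),
    (b"TEST-SIG-RESET", Action.RESET),
]

@dataclass
class InlineIPS:
    inline: bool = True                        # False = passive IDS mode
    blocked: set = field(default_factory=set)  # blocked source addresses
    alerts: list = field(default_factory=list) # alarms for the administrator

    def inspect(self, src: str, payload: bytes) -> Action:
        if self.inline and src in self.blocked:
            return Action.DROP                 # source was blocked earlier
        for pattern, action in SIGNATURES:
            if pattern in payload:
                self.alerts.append((src, pattern.decode()))  # every match alerts
                if not self.inline:
                    return Action.ALERT        # an IDS can only report
                if action is Action.BLOCK_SOURCE:
                    self.blocked.add(src)
                return action
        return Action.FORWARD

# Constructed traffic sample: (source address, payload).
TRAFFIC = [
    ("198.51.100.7", b"GET /index.html"), ("198.51.100.7", b"xx TEST-SIG-BLOCK xx"),
    ("198.51.100.7", b"GET /index.html"), ("203.0.113.9", b"TEST-SIG-RESET"),
]

def run(inline: bool) -> list:
    """Replay TRAFFIC through a fresh engine and return the action per packet."""
    ips = InlineIPS(inline=inline)
    return [ips.inspect(src, data).value for src, data in TRAFFIC]

print("IPS:", run(True), "| IDS:", run(False))
```

In inline mode the third packet is dropped even though its payload is benign, because its source was blocked by the second packet; in passive mode the same packet is forwarded, which is also why a false positive costs more on an IPS than on an IDS.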
