Intrusion prevention systems (IPS)

IPS

The computing media is starting to use the term IPS (Intrusion Prevention System) more and more, as a replacement for "traditional" IDSs or to make a distinction between them.

An IPS is a system for preventing intrusions and protecting against them, not just recognising and reporting them as most IDSs do. Two main characteristics distinguish a (network) IDS from a (network) IPS:

  • The IPS sits inline on the network, and does not just passively listen to the network like an IDS (traditionally placed as a sniffer on the network).
  • The IPS has the ability to immediately block intrusions, no matter what transport protocol is used and without reconfiguring a third-party device, which means that the IPS can filter and block packets in native mode (by dropping the connection, dropping offending packets, blocking the intruder, etc.).
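
The two characteristics above, as an added sketch that is not part of the original article: a passive sensor only reports, while an inline sensor's verdict decides whether each packet is forwarded. The `Packet` and `Sensor` classes, the signature string and the sample traffic are all constructed for illustration.

```python
from dataclasses import dataclass, field

SIGNATURE = b"EXAMPLE-BAD-PATTERN"  # constructed marker standing in for a real signature

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes

@dataclass
class Sensor:
    inline: bool                 # True = IPS in the traffic path, False = IDS on a copy
    block_source: bool = False   # IPS option: also block the intruder's address
    alerts: list = field(default_factory=list)
    dead_flows: set = field(default_factory=set)
    blocked_src: set = field(default_factory=set)

    def process(self, pkt):  # returns True if the packet reaches its destination
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if self.inline and (pkt.src in self.blocked_src or flow in self.dead_flows):
            return False                   # an earlier verdict is still enforced
        if SIGNATURE not in pkt.payload:
            return True
        self.alerts.append(flow)           # both IDS and IPS report the match
        if not self.inline:
            return True                    # IDS saw only a copy; the packet was delivered
        self.dead_flows.add(flow)          # drop the connection
        if self.block_source:
            self.blocked_src.add(pkt.src)  # block the intruder
        return False                       # drop the offending packet

def run(sensor, packets):
    return [sensor.process(p) for p in packets]

# Constructed sample traffic (documentation addresses from RFC 5737)
TRAFFIC = [
    Packet("192.0.2.10", "198.51.100.5", 40000, 80, b"GET / HTTP/1.1"),
    Packet("192.0.2.10", "198.51.100.5", 40000, 80, b"x" + SIGNATURE),
    Packet("192.0.2.10", "198.51.100.5", 40000, 80, b"follow-up on same connection"),
    Packet("192.0.2.10", "198.51.100.5", 40001, 80, b"new connection, same source"),
    Packet("203.0.113.7", "198.51.100.5", 50000, 80, b"unrelated client"),
]

if __name__ == "__main__":
    for name, s in [("IDS", Sensor(False)), ("IPS", Sensor(True)), ("IPS+block", Sensor(True, True))]:
        print(name, run(s, TRAFFIC), "alerts:", len(s.alerts))
```

All three sensors raise the same single alert; only the inline ones change which packets arrive.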

Article written 29 January 2003 by Cyrille Larrieu.

Last update on Thursday October 16, 2008 02:43:19 PM by Jeff
This document entitled « Intrusion prevention systems (IPS) » from Kioskea.net (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the licence, as long as this note appears clearly.