Intrusion prevention system
System to prevent unauthorised access to a system or network
Intrusion prevention systems are similar to intrusion detection systems, monitoring network boundaries or individual host systems for anomalous or unauthorised activity, but they also have the ability to block such activity once it has been identified.
In a network-based intrusion prevention system (NIPS), the sensor sits inline at the network boundary, and any packet it identifies as potentially harmful is dropped rather than forwarded. A NIPS can inspect packet content for unwanted types of data, check that protocols are being used as specified rather than in irregular or manipulative ways, and monitor the rate of traffic for spikes that may indicate a mass attack or a distributed denial of service (DDoS). Because it sees traffic across the whole network, it may also spot compromised internal hosts leaking data outwards. Being inline also means that a false positive blocks legitimate traffic, so new rules are normally run in alert-only mode before being switched to blocking.
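The three kinds of check described above, as an added example that is not from the page or any IPS product: a toy inline decision engine that applies a content signature, a protocol-conformance rule and a per-source rate limit to a stream of packets and returns a forward/drop verdict for each. The packet records, signatures, ports and thresholds are constructed for illustration.

```python
# Added example (not from the page): toy inline NIPS decision engine.
# Packets, signatures and thresholds below are constructed for illustration.
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float        # arrival time in seconds
    src: str         # source IP
    proto: str       # "tcp" or "udp"
    dport: int       # destination port
    payload: bytes


# Constructed content signatures: byte patterns the policy refuses to forward.
CONTENT_SIGNATURES = {
    "sqli-union": b"UNION SELECT",
    "shell-path": b"/bin/sh",
}

# Protocol expectation for port 80: a request must begin with an HTTP method.
HTTP_METHODS = {b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS", b"PATCH"}


class Nips:
    """Inline packet filter combining rate, content and protocol checks."""

    def __init__(self, window: float = 1.0, max_per_window: int = 50):
        self.window = window
        self.max_per_window = max_per_window
        self._arrivals = defaultdict(deque)   # src -> recent arrival timestamps
        self.dropped = []                      # (src, reason) audit trail

    def _drop(self, pkt, reason):
        self.dropped.append((pkt.src, reason))
        return "drop", reason

    def inspect(self, pkt: Packet):
        # Rate check first so a flood is counted even when its packets would
        # also trip other rules: sliding window of arrivals per source.
        q = self._arrivals[pkt.src]
        q.append(pkt.ts)
        while q and q[0] <= pkt.ts - self.window:
            q.popleft()
        if len(q) > self.max_per_window:
            return self._drop(pkt, "rate:flood")

        # Content check: known-bad byte patterns anywhere in the payload.
        for name, pattern in CONTENT_SIGNATURES.items():
            if pattern in pkt.payload:
                return self._drop(pkt, f"content:{name}")

        # Protocol check: data sent to the HTTP port must look like HTTP.
        if pkt.proto == "tcp" and pkt.dport == 80 and pkt.payload:
            method = pkt.payload.split(b" ", 1)[0]
            if method not in HTTP_METHODS:
                return self._drop(pkt, "protocol:non-http-on-80")

        return "forward", ""


def run_demo():
    """Run a constructed packet stream through the engine; return verdict counts."""
    nips = Nips(window=1.0, max_per_window=50)
    stream = [
        Packet(0.0, "10.0.0.5", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n"),
        Packet(0.1, "10.0.0.5", "tcp", 80, b"GET /?id=1 UNION SELECT 1,2 HTTP/1.1\r\n"),
        Packet(0.2, "10.0.0.6", "tcp", 80, b"\x16\x03\x01\x00\xa5\x01\x00"),  # TLS hello on port 80
        Packet(0.3, "10.0.0.7", "tcp", 80, b""),                               # bare SYN, nothing to inspect
    ]
    # One source sending 60 packets in 0.3 s exceeds the 50-per-second window.
    stream += [Packet(1.0 + i * 0.005, "10.0.0.9", "udp", 53, b"\x00\x01") for i in range(60)]

    counts = defaultdict(int)
    for pkt in stream:
        verdict, reason = nips.inspect(pkt)
        counts[verdict] += 1
        if reason:
            counts[reason] += 1
    return dict(counts)


if __name__ == "__main__":
    print(run_demo())
```

The rate check runs before the content check deliberately: a flood of packets that each also match a signature should still be attributed to the rate rule, otherwise the per-source history would never grow and the flood would be invisible in the audit trail.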
At the host level (HIPS), an array of system monitors analyses the behaviour of processes (process creation, file access, system calls) as well as the host's network traffic, and blocks any activity that contravenes the system's rules. Because the agent hooks the operating system or the application rather than the wire, it can inspect data before it is encrypted for transmission or after it has been decrypted on receipt, so it sees content that a network-level sensor observes only as ciphertext.