Intrusion prevention system

System to prevent unauthorised access to a system or network

Intrusion prevention systems are similar to intrusion detection systems, monitoring network boundaries or individual host systems for anomalous or unauthorised activity, but they also have the ability to block such activity once it has been identified.

In network-based intrusion prevention systems (NIPS), any data packets passing through the network boundary that are identified as potentially harmful are simply dropped. A NIPS can analyse the content of data packets for unwanted types of data, the use of protocols for irregular or manipulative activity, and also the rate of data, watching for spikes in traffic which may indicate a mass attack or DDoS. The system can take a holistic view of the network and so may be able to spot possible infections leaking data from within the network.
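The three checks described above (content, protocol use and traffic rate) can be sketched as a per-packet forward-or-drop decision. This is an added example, not code from any real product: the packet fields, the policy values and the `ToyNips` class are assumptions, and the `proto` field stands in for the result of protocol parsing.

```python
from collections import defaultdict, deque

# Constructed policy values, for illustration only.
BLOCKED_PATTERNS = [b"EXAMPLE-UNWANTED-PAYLOAD"]  # placeholder content signature
EXPECTED_PROTOCOL = {80: "http", 53: "dns"}       # protocol expected on each port
RATE_WINDOW_SECONDS = 1.0
RATE_LIMIT_PACKETS = 5                            # per destination, per window


class ToyNips:
    """Forward-or-drop decision using rate, protocol and content checks."""

    def __init__(self):
        self._recent = defaultdict(deque)  # destination -> recent packet times

    def inspect(self, pkt):
        """Return (action, reason) for one packet, given as a dict."""
        # Rate: count packets to this destination inside the sliding window,
        # whatever their source, so a distributed spike is still visible.
        times = self._recent[pkt["dst"]]
        times.append(pkt["time"])
        while pkt["time"] - times[0] > RATE_WINDOW_SECONDS:
            times.popleft()
        if len(times) > RATE_LIMIT_PACKETS:
            return ("drop", "rate")
        # Protocol: the protocol seen must be the one expected on that port.
        if EXPECTED_PROTOCOL.get(pkt["dport"]) != pkt["proto"]:
            return ("drop", "protocol")
        # Content: drop payloads containing an unwanted pattern.
        if any(pattern in pkt["payload"] for pattern in BLOCKED_PATTERNS):
            return ("drop", "content")
        return ("forward", "ok")


def run_sample():
    """Run constructed sample traffic through the filter, in time order."""
    nips = ToyNips()

    def pkt(time, src, dport, proto, payload):
        return {"time": time, "src": src, "dst": "198.51.100.5",
                "dport": dport, "proto": proto, "payload": payload}
    packets = [
        pkt(0.0, "192.0.2.10", 80, "http", b"GET /index.html"),
        pkt(0.1, "192.0.2.10", 80, "http", b"GET /?q=EXAMPLE-UNWANTED-PAYLOAD"),
        pkt(0.2, "192.0.2.10", 53, "http", b"GET /"),  # HTTP sent to the DNS port
    ]
    # Seven packets from seven sources to one destination within 0.06 s.
    packets += [pkt(5.0 + i * 0.01, f"203.0.113.{i}", 80, "http", b"GET /")
                for i in range(7)]
    return [nips.inspect(p) for p in packets]
```

Counting by destination rather than by source is what lets the burst from seven different addresses trip the rate limit; packets over the limit are dropped until the window empties.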

At the host level (HIPS), a complex array of system monitors analyse the behaviour of processes as well as network traffic to spot behaviours contravening the system's rules, and block any unwanted activity. At this level a greater degree of inspection is possible inside data which is encrypted at the network level.
