IPS An Intrusion Prevention System Prepared by Hadeel Matar Al-Anzi
Introduction § What is an Intrusion Prevention System? It is an appliance used in a network security strategy.
What can an IPS do? IPS can detect and block: - Web and database attacks - Spyware / Malware - Peer to Peer (P2P) - Worm propagation
IPS Types IPS can be grouped into 3 categories: - Signature Based - (NBAD) - Hybrid
IPS Types An IPS can be network-based or host-based: The network-based system monitors all network traffic, while the host-based system is specific to either an IP address or a computer.
IPS, Application Firewalls, Unified Threat Management & Access Control § The role of an IPS in a network is often confused with access control and application-layer firewalls. § There are some notable differences in these technologies. § While all share similarities, how they approach network or system security is fundamentally different.
IPS, Application Firewalls, Unified Threat Management & Access Control § An IPS is typically designed to operate completely invisibly on a network. § IPS products do not typically claim an IP address on the protected network but may respond directly to any traffic in a variety of ways.
Major strengths of intrusion prevention systems § Automatically Identifies and Blocks Threats § Reduces Time Spent Reviewing Log Files to Identify Threats § Reduces Need for Manpower to Monitor Threats § Enhances Network Security Architecture
The strength/weaknesses of IPS Weaknesses of many current intrusion prevention systems are: § Lack of Network Visibility § Lack of User Visibility § Inability to Adapt to Network Changes in Real-Time