130 likes | 342 Views
IPS An Intrusion Prevention System. Prepared by Hadeel Matar Al-Anzi. Introduction. What is an Intrusion Prevention System?. It is an appliance used in an network security strategy. What can an IPS do?. IPS can detect and block: - Web and database attacks - Spyware / Malware
E N D
IPSAn Intrusion Prevention System Prepared by Hadeel Matar Al-Anzi
Introduction • What is an Intrusion Prevention System? It is an appliance used in an network security strategy.
What can an IPS do? IPS can detect and block: - Web and database attacks - Spyware / Malware - Peer to Peer (P2P) - Worm propagation
IPS Types IPS can be grouped into 3 categories : - Signature Based - (NBAD) - Hybrid
IPS Types of network-based or host-based IPS: The network-based system monitors all network traffic, while the host-based is specific to either an IP address or computer.
IPS, Application Firewalls, Unified Threat Management & Access Control • The role of an IPS in a network is often confused with access control and application-layer firewalls. • There are some notable differences in these technologies. • While all share similarities, how they approach network or system security is fundamentally different.
IPS, Application Firewalls, Unified Threat Management & Access Control • An IPS is typically designed to operate completely invisibly on a network. • IPS products do not typically claim an IP address on the protected network but may respond directly to any traffic in a variety of ways.
Major strengths of intrusion prevention systems Automatically Identifies and Blocks Threats Reduces Time Spent Reviewing Log Files to Identify Threats Reduces Need for Manpower to Monitor Threats Enhances Network Security Architecture
The strength/weaknesses of IPS Weaknesses of many current intrusion prevention systems are: Lack of Network Visibility Lack of User Visibility Inability to Adapt to Network Changes in Real-Time