What is an Intrusion Prevention System (IPS)?

Intrusion Prevention Systems (IPS) are among the most important security measures a network can have.

What is an Intrusion Prevention System?

An intrusion prevention system is a control system: not only does it detect potential threats to a network and its infrastructure, it also actively blocks connections that may pose a threat. This distinguishes it from more passive protections such as intrusion detection systems.

An intrusion prevention system continuously monitors network traffic, down to the level of individual packets, for signs of malicious activity. It collects information about these packets and reports it to system administrators, but it also takes preventive action of its own.

If an IPS detects potential malware or another type of malicious attack, it blocks those packets from entering the network.

It may also take other measures, such as closing security vulnerabilities that an attack could otherwise keep exploiting. It can shut down access points to the network and set up secondary firewalls to check for such attacks in the future, adding further layers to the network's defenses.

What kind of attacks can IPS prevent?

Intrusion prevention systems can scan for and protect against a variety of malicious attacks. They can detect and block Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, exploit kits, worms, computer viruses and other types of malware.

What does IPS do if it detects an attack?

An intrusion prevention system detects attacks mainly by analyzing packets for known malware signatures. It can also use behavioral tracking to look for abnormal activity on the network, and it can monitor protocols and administrative security policies to check whether they are being violated.

If any of these detection methods uncovers a potential attack, an IPS can immediately terminate the connection from which it originated. The offending IP address may then be blocked, if the IPS is configured to do so, or the user associated with it may be barred from accessing the network and all connected resources.

An IPS can also modify local firewall settings to re-scan for such attacks, and can even remove the remnants of an attack by deleting malware-affected headers, infected attachments and malicious links from file and mail servers.

IDS versus IPS

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are both security measures, but they have different purposes and different means to those ends.

There are many types of IDS and IPS, and they all work a little differently. Among IDS, Network Intrusion Detection Systems (NIDS) sit at strategic points in a network to detect potential attacks as they unfold across it.

Host Intrusion Detection Systems (HIDS) run on individual systems and devices and monitor only the network activity to and from that particular system.

In either case, IDSs that discover a potential attack will notify system administrators.

In contrast, an IPS plays a role similar to an IDS – and can be used in conjunction with one for better network monitoring – but takes a more active part in protecting the network.

It also notifies administrators when attacks are detected, but it additionally takes action against the offending systems, individual accounts or firewall breaches to ensure that the attack is blocked and all associated files are removed from the network.

As the name suggests, intrusion detection systems are designed to let you know if and when an attack is occurring so you can manually deal with the problem. Intrusion prevention systems are designed to actively protect your system against attacks and to prevent future attacks by adjusting network settings.
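The detection methods described above (signature matching on packet payloads plus behavioral tracking) and the IDS-versus-IPS distinction, as one added example that is not part of the original article and not any product's code. The `Packet`, `Verdict` and `InspectionEngine` names, the two-entry signature list, the per-source rate threshold and the sample traffic are all constructed for illustration; the same engine is run once in IDS mode (notify only) and once in IPS mode (notify, drop, and block the offending source).

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set

# Constructed signature list: rule name -> pattern applied to the raw payload.
# A real IPS rule set holds thousands of such entries; two are enough here.
SIGNATURES = {
    "dir-traversal-probe": re.compile(rb"\.\./\.\./"),
    "constructed-malware-marker": re.compile(rb"CONSTRUCTED-MALWARE-MARKER"),
}


@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port
    payload: bytes


@dataclass
class Verdict:
    action: str                  # "pass", "alert" (IDS mode) or "drop" (IPS mode)
    reason: Optional[str] = None


class InspectionEngine:
    """Inspects packets one at a time; mode selects IDS or IPS behaviour."""

    def __init__(self, mode: str = "ips", rate_limit: int = 20, window: float = 1.0):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.rate_limit = rate_limit      # packets per source allowed inside the window
        self.window = window              # sliding window length in seconds
        self.recent: Dict[str, Deque[float]] = defaultdict(deque)
        self.blocked: Set[str] = set()    # sources the IPS has cut off
        self.alerts: List[str] = []       # what an administrator would be shown

    def _signature_hit(self, payload: bytes) -> Optional[str]:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                return name
        return None

    def _rate_exceeded(self, pkt: Packet) -> bool:
        # Behavioural check: count this source's packets inside the sliding window.
        q = self.recent[pkt.src]
        q.append(pkt.ts)
        while q and pkt.ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.rate_limit

    def inspect(self, pkt: Packet) -> Verdict:
        # An IPS drops traffic from an already-blocked source without re-inspecting it.
        if self.mode == "ips" and pkt.src in self.blocked:
            return Verdict("drop", "blocked-source")
        rate_hit = self._rate_exceeded(pkt)
        reason = self._signature_hit(pkt.payload) or ("rate-anomaly" if rate_hit else None)
        if reason is None:
            return Verdict("pass")
        self.alerts.append(f"{pkt.src} -> {pkt.dst}:{pkt.dport} {reason}")
        if self.mode == "ids":
            return Verdict("alert", reason)      # IDS: notify, let the packet through
        self.blocked.add(pkt.src)                # IPS: terminate and block the source
        return Verdict("drop", reason)


def constructed_traffic() -> List[Packet]:
    """Constructed sample: normal requests, one traversal probe, then a packet flood."""
    pkts = [
        Packet(0.00, "10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\n"),
        Packet(0.10, "10.0.0.5", "10.0.0.80", 80, b"GET /about.html HTTP/1.1\r\n"),
        Packet(0.20, "10.0.0.9", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
        Packet(0.30, "10.0.0.9", "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\n"),
    ]
    # Thirty packets from one source within 0.3 s: exceeds a 20-per-second limit.
    pkts += [Packet(1.0 + i * 0.01, "10.0.0.7", "10.0.0.80", 80, b"SYN") for i in range(30)]
    return pkts


def run_sample(mode: str) -> Dict[str, int]:
    """Run the constructed traffic through the engine and tally the verdicts."""
    engine = InspectionEngine(mode=mode, rate_limit=20, window=1.0)
    counts: Dict[str, int] = defaultdict(int)
    for pkt in constructed_traffic():
        counts[engine.inspect(pkt).action] += 1
    counts["alerts"] = len(engine.alerts)
    counts["blocked_sources"] = len(engine.blocked)
    return dict(counts)


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run_sample(mode))
```

In IDS mode every packet reaches its destination and the administrator receives eleven alerts (one for the probe and one for each flood packet past the threshold); in IPS mode the same traffic yields two alerts, because each offending source is blocked at its first hit and its later packets are dropped silently. The `rate_limit` and `window` values are where the trade-off from the FAQ lives: set them too low and ordinary bursts of legitimate traffic become false alarms, set them too high and a slow flood slips under the threshold.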


  • Where can I find an IPS for my network?

    There are a number of IPS options available, across multiple operating systems and with a variety of functions. Some will cost money to set up or license, but there are some well-regarded free IPS choices as well.

  • Does an IPS have weaknesses?

    Like any system, an IPS is not infallible. Too many attacks occurring too close together can sometimes overwhelm the system, and some systems are more susceptible to direct attacks. Because it is a largely automated system, an IPS also produces a number of false alarms and cannot make its own recommendations for further response to intrusions.
