Scribd
Upload
106 views

Ids/Ips

The document discusses intrusion prevention systems (IPS), including definitions of IPS and intrusion detection systems. It describes different types of IPS such as network-based, wireless, and host-based. It also covers IPS detection methods like signature-based, anomaly-based, and stateful protocol analysis.

Uploaded by

zaiby41
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
106 views

Ids/Ips

The document discusses intrusion prevention systems (IPS), including definitions of IPS and intrusion detection systems. It describes different types of IPS such as network-based, wireless, and host-based. It also covers IPS detection methods like signature-based, anomaly-based, and stateful protocol analysis.

Uploaded by

zaiby41
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 7

IDS/IPS

Definitions
Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking resources) Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

Definitions
Intrusion Detection Systems Intrusion detection: is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible intrusions (incidents). Intrusion detection system (IDS): is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities. Intrusion prevention system (IPS): is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.

Similar to firewall, but different


Traditional firewall examines header IPS examines payload as well

Classification of IPS
Intrusion prevention systems can be classified into four different types:
1. 2. 3. Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity. Wireless intrusion prevention systems (WIPS): monitor a wireless network for suspicious traffic by analyzing wireless networking protocols. Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware and policy violations. Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

4.

Detection methods
The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based, and stateful protocol analysis.
Signature-Based Detection: Signature based IDS monitors packets in the Network and compares with pre-configured and pre-determined attack patterns known as signatures. Statistical anomaly-based detection: A statistical anomaly-based IDS determines the normal network activity like what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other- and alert the administrator or user when traffic is detected which is anomalous(not normal). Stateful Protocol Analysis Detection: This method identifies deviations of protocol states by comparing observed events with predetermined profiles of generally accepted definitions of benign activity.

Top Selling IDS/IPS


Cisco ranked highest among six top selling IPS solution providers
McAfee, Juniper, IBM, Sourcefire and TippingPoint SNORT OSSEC HIDS Tcpdump : The classic sniffer for network monitoring and data acquisition Sax2 Intrusion detection and prevention system (IDS)

You might also like