The computing media is starting to use the term IPS (Intrusion Prevention System) more and more, as a replacement for "traditional" IDSs or to make a distinction between them.
An IPS is a system for preventing intrusions and protect against them, not just recognising and reporting them like most IDSs. There are two main characteristics which distinguish a (network) IDS from a (network) IPS:
- The IPS sits inline on the IPS network, and does not just passively listen to the network like an IDS (traditionally placed as a sniffer on the network).
- The IPS has the ability to immediately block intrusions, no matter what transport protocol is used and without reconfiguring a third-party device, which means that the IPS can filter and block packets in native mode (by dropping the connection, dropping offending packets, blocking the intruder, etc.).
Article written 29 January 2003 by Cyrille Larrieu.
Sistema de prevención de intrusiones (IPS)
Systèmes de prévention d'intrusion (IPS)
Sistemi di prevenzione d'intrusione (IPS)
Sistemas de prevenção de intrusão (IPS)