Intrusion prevention systems (IPS)

December 2016

IPS

The computing media is starting to use the term IPS (Intrusion Prevention System) more and more, as a replacement for "traditional" IDSs or to make a distinction between them.

An IPS is a system for preventing intrusions and protect against them, not just recognising and reporting them like most IDSs. There are two main characteristics which distinguish a (network) IDS from a (network) IPS:

  • The IPS sits inline on the IPS network, and does not just passively listen to the network like an IDS (traditionally placed as a sniffer on the network).
  • The IPS has the ability to immediately block intrusions, no matter what transport protocol is used and without reconfiguring a third-party device, which means that the IPS can filter and block packets in native mode (by dropping the connection, dropping offending packets, blocking the intruder, etc.).

Article written 29 January 2003 by Cyrille Larrieu.


Related :


Sistema de prevención de intrusiones (IPS)
Sistema de prevención de intrusiones (IPS)
Systèmes de prévention d'intrusion (IPS)
Systèmes de prévention d'intrusion (IPS)
Sistemi di prevenzione d'intrusione (IPS)
Sistemi di prevenzione d'intrusione (IPS)
Sistemas de prevenção de intrusão (IPS)
Sistemas de prevenção de intrusão (IPS)
This document entitled « Intrusion prevention systems (IPS) » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.