Efficiency of the Intrusion Prevention system

Asked By 10 points N/A Posted on -
qa-featured

What's the best way for me to test or check if my Intrusion Prevention system is working?

SHARE
Best Answer by Sumabat hath
Best Answer
Best Answer
Answered By 0 points N/A #115198

Efficiency of the Intrusion Prevention system

qa-featured

Also known as Prevention and Intrusion detection systems, the Intrusion prevention systems (IPS) are  used in monitoring activities which are malicious in nature and which are also related to the network. Expected functions for IPS include prevention and identification of malicious activities and stop them from progressing further.

There are different methods  to see if IPS is in the active state or not. This is as provided below:

  • Anomaly detection vs misuse detection : In case of anomaly detection, the system administrator defines the baseline.The anomaly detector helps in monitoring the network segments and also compares the various states of them to the normal and prescribed baselines and then would see for any anomalies.In the case of misuse detection, IDS would  use the information compares with large databases containing attack signatures and analyze them.IDS would be looking at the specific details of the already well documented attack.The misuse detection software or the virus detection system is good only if the  database containing the attack signature is good and the comparison procedure it does against the packets.
  • Host-based systems vs Network-based : In host based system, the focus is on the examination of the activities on the each individual host or computer.However in the case of  network-based system, the focus is on the analysis of individual packets which flow through the network.They can detect malicious packets filtering rules which could be simplistic.
  • Reactive system vs passive system : In a reactive system, the IDS  is reacting to malicious activities by either of logging off  or with the help or programming the firewall, which in turn blocks the traffic from the network especially from the suspected source.. In the  passive system, IDS provides signals which alert the system to know there is a potential security breach.
Answered By 564980 points N/A #115199

Efficiency of the Intrusion Prevention system

qa-featured

Intrusion Prevention Systems [IPS] are also known in another term as Intrusion Detection and Prevention Systems [IDPS]. These are kinds of network security hardware that checks network activities as well as system activities for any sign of malicious activity. Its main purpose is to detect any malicious activity then create a log information about it. After that it will try to stop or block the activity from progressing and then notify the administrator or the user about the detected activity.

IPS are considered as extensions of IDPS because they both check system activities and network traffic for any malicious activity. The only difference is that IPS can dynamically block and prevent the detected intrusion and can execute actions like dropping the malicious packets, sending an alarm, blocking the traffic from the offending IP address, and resetting the connection. It can also fix errors in the Cyclic Redundancy Check [CRC].

Intrusion Prevention Systems are classified into 4 types:

  • Network-based Intrusion Prevention System [NIPS] – checks the whole network for any suspicious traffic.
  • Wireless Intrusion Prevention Systems [WIPS] – monitors wireless the network.
  • Network Behavior Analysis [NBA] – inspects network traffic to find threats that create strange traffic flows like for example the Distributed Denial of Service [DDoS] attacks.
  • Host-based Intrusion Prevention System [HIPS] – software package that needs to be installed that can monitor a single host for malicious activity.

Login/Register to Answer

Related Questions