Intrusion Prevention Systems

Written by Charles Peacock
Bookmark and Share

Intrusion prevention systems are the newest line of defense for corporate and organizational networks. They are designed to improve upon existing network security technologies like firewalls, routers and gateways. Each of these older technologies has flaws that have recently been exploited by hacker and worm attacks, and intrusion prevention systems are designed to answer these flaws.

What Intrusion Prevention Systems Do

Intrusion prevention systems (IPS's) work to actively prevent hacker, virus and worm attacks. Traditional security systems like firewalls simply create a perimeter line of defense that protects a network from the outside. The problem with this type of defense is that if a worm makes its way into the network (through an email attachment, for instance), it can spread through the network freely since it has already penetrated the firewall.

Many older security systems feature detection programs that are able to detect internal problems and alert you in the event that an attack occurs. Since many worms spread quickly, however, by the time you receive the alert and begin your defense the damage may already be done. An IPS improves on this system in that it actively detects and fights against internal attacks.

An IPS is designed to constantly examine your network and to look for dangerous packets that might be hidden in normal network traffic. If it detects an offending packet, it works to immediately block that packet and any related attacks. This is the only way to effectively protect your network against an attack that has made its way past your network firewall.

Bookmark and Share