“What is an IPS and IDS?”
Intrusion Protection Services, also referred to as Intrusion Prevention Systems (IPS), are a type of security technology that looks at the flow of your network's traffic to assess its vulnerability.
This technology is used to upgrade a firewall so that it looks for patterns or unusual activity, whether the source is a bot or a hacker trying to obtain information. These exploits can come in many forms, most commonly as malicious inputs that target an app or service, which attackers can then use to interrupt or take over your system. In the event of a security breach, the IPS will shut the IP down, drop the packet and alert you.
While an IPS has a number of detection methods, the dominant one is signature-based detection. This method relies on a database of unique patterns, which the IPS identifies in the code of each exploit. Each time an exploit is discovered, its signature is recorded and stored.
Types of Signature-based Detection
- Exploit-facing: Identify and target individual threats by their unique patterns.
- Vulnerability-facing: Target the underlying vulnerability of a system that is being attacked.
An Intrusion Prevention System is an add-on to a firewall that provides an extra layer of protection. It can actively analyze any communication path from its source to its destination and track the entire flow through a network. To prevent problems, an IPS will:
- Drop malicious packets
- Block traffic from the address the problem comes from
- Reset the connection
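
The two signature types and the three responses listed above, shown as an added example that is not part of the original page: a minimal Python matcher run over constructed packets. The text protocol, the 64-byte limit, the signature IDs and the source addresses are all assumptions made for illustration.

```python
import re

# Constructed signatures for a hypothetical text protocol whose USER command
# overflows a 64-byte buffer in the (hypothetical) protected server.
EXPLOIT_SIGS = {   # exploit-facing: bytes of one known, constructed sample
    "sig-1001": re.compile(rb"USER A{80}XYZ1"),
}
VULN_SIGS = {      # vulnerability-facing: any input that reaches the flaw
    "sig-2001": re.compile(rb"^USER [^\r\n]{65,}", re.M),
}
ALL_SIGS = {**EXPLOIT_SIGS, **VULN_SIGS}


class MiniIPS:
    def __init__(self):
        self.blocked = set()  # source addresses blocked after a match
        self.alerts = []      # (source, signature id) pairs for the operator

    def inspect(self, src, payload):
        """Return (actions, matched signature ids) for one packet."""
        if src in self.blocked:
            return ["drop"], ["blocked-source"]
        hits = [sid for sid, rx in ALL_SIGS.items() if rx.search(payload)]
        if not hits:
            return ["forward"], []
        self.blocked.add(src)
        self.alerts.extend((src, sid) for sid in hits)
        return ["drop", "block_source", "reset_connection"], hits


def demo():
    """Run four constructed packets through the matcher."""
    ips = MiniIPS()
    packets = [
        ("192.0.2.10", b"USER alice\r\n"),                    # benign
        ("192.0.2.11", b"USER " + b"A" * 80 + b"XYZ1\r\n"),   # known sample
        ("192.0.2.12", b"USER " + b"B" * 90 + b"\r\n"),       # reworked variant
        ("192.0.2.12", b"USER bob\r\n"),                      # from blocked source
    ]
    return [ips.inspect(src, data) for src, data in packets], ips.alerts


if __name__ == "__main__":
    results, alerts = demo()
    for actions, hits in results:
        print(actions, hits)
    print("alerts:", alerts)
```

The reworked variant does not match the exploit-facing signature but is still caught by the vulnerability-facing one, which is why the two types are kept side by side.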