Intrusion-prevention system
From Free net encyclopedia
An intrusion prevention system (a computer security term) is any device which exercises access control to protect computers from exploitation. "Intrusion prevention" technology is considered by some to be an extension of intrusion detection (IDS) technology, but it is actually another form of access control, like an application layer firewall.
Intrusion prevention systems were invented independently by Jed Haile and Vern Paxon to resolve ambiguities in passive network monitoring by placing detection systems in-line. A considerable improvement upon firewall technologies, IPS make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done. As IPS systems were originally a literal extension of intrusion detection systems, they continue to be related.
Intrusion prevention systems may also act at the host level to deny potentially malicious activity. There are advantages and disadvantages to host-based IPS compared with network-based IPS. In many cases, the technologies are thought to be complementary.
An Intrusion Prevention system must also be a very good Intrusion Detection system to enable a low rate of false positives. Some IPS systems can also prevent yet to be discovered attacks, such as those caused by a Buffer overflow.
Vendors providing IPS
(Listed alphabetically)
- Cisco Systems
- Demarc Security Inc.
- Forescout INC.
- Internet Security Systems
- Intrusion Inc.
- Juniper
- Lucid Security
- McAfee
- NFR Security
- NitroSecurity Inc.
- Nortel
- Radware
- Reflex Security
- Third Brigade
- TippingPoint
- TopLayer
See also
es:Sistema de Prevención de Intrusos fr:Système de prévention d'intrusion it:Intrusion prevention system ja:IPS pt:Sistema de prevenção de intrusos zh:入侵预防系统