Types of IPS
Host-based intrusion prevention system (HIPS)
This system works in a similar way to HIDS: the checks run on the machine where it is installed. However, in addition to detecting the attack, it makes decisions based on the analyses carried out.
It has direct access to the machine's operating system and the kernel itself, and can therefore control access to the file system, configuration and system logs.
Another distinguishing feature of HIPS is that it identifies suspicious behavior in the operating system instead of comparing signatures.
In addition, HIPS can inspect encrypted network traffic after the packets have been decrypted, which makes it possible to detect an attack that was encrypted in transit, something that does not happen with NIPS and NIDS.
Network-based intrusion prevention system (NIPS)
This type of system, on the other hand, is based on an inline device, which can be a router or a switch, since these forward packets between networks. Whenever an attack is identified, decisions are made based on predefined rules, and it is these rules that block the suspected attack.
NIPS can drop the connection, preventing packets from reaching their destination, just as firewalls do.
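The following sketch is an added example, not taken from the original material: it applies a small set of predefined rules to a payload the way an inline device would, then repeats the check on the host after decryption to show the visibility difference described in the HIPS section. The rule names, patterns, sample request and the XOR stand-in for transport encryption are all constructed assumptions, and the same pattern check is reused on the host only to isolate that difference.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: bytes  # byte signature searched for in the payload
    action: str     # "drop" blocks the packet, "alert" only records it

# Constructed rule set; names and patterns are illustrative assumptions.
RULES = (
    Rule("path-traversal", b"../../", "drop"),
    Rule("sql-keyword", b"UNION SELECT", "alert"),
)

def inspect(payload: bytes, rules=RULES) -> Tuple[str, Optional[str]]:
    """Apply predefined rules to one payload and return (verdict, rule name).

    A matching drop rule ends evaluation immediately; an alert rule lets
    the packet through but remembers the first rule that fired.
    """
    alerted = None
    for rule in rules:
        if rule.pattern in payload:
            if rule.action == "drop":
                return ("drop", rule.name)
            alerted = alerted or rule.name
    return ("forward+alert", alerted) if alerted else ("forward", None)

def toy_cipher(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR standing in for transport encryption (not real crypto).

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def demo() -> dict:
    key = b"k3y!"                                            # constructed key
    request = b"GET /files?name=../../etc/passwd HTTP/1.1"   # constructed sample
    on_wire = toy_cipher(request, key)   # what the inline device sees
    return {
        "nips_cleartext": inspect(request),
        "nips_encrypted": inspect(on_wire),
        "host_after_decrypt": inspect(toy_cipher(on_wire, key)),
    }

if __name__ == "__main__":
    for where, verdict in demo().items():
        print(f"{where:20} {verdict}")
```

The encrypted copy is forwarded by the inline check because the pattern is no longer present in the bytes on the wire, while the host-side check sees the original request once it has been decrypted.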
There are several other types of IDS/IPS systems. Here we mention the most common and widely used ones, but you can find others in this material: