Tuesday, September 21, 2010

Blocking Intruders Using Network Intrusion Prevention

We have all heard of electric fences, used to promote safety and deter intruders from entering our territory. It is no different for our computer networks: they also require effective protection through an electric fence of their own, called network intrusion prevention. A network intrusion prevention system, or IPS, is generally referred to as an active security measure because it is capable of blocking malicious traffic by interfering with the data flow. In network security, the IPS represents the next generation of the intrusion detection system: it inherits the thorough detection capabilities of an IDS and the blocking abilities of a firewall device to perform intrusion prevention.
How a Network Intrusion Prevention Device Works
A network intrusion prevention system thoroughly analyzes every network data packet that passes through it. In this way an IPS keeps a check on the traffic and also recognizes patterns in the data. An IPS acts instantly whenever an unauthorized user carries out an attack on the network: it identifies the attack and denies that user access, leaving the attempt to intrude into the network futile. An IPS also plays an important role in shaping the traffic flow through the network and ensures that crucial traffic is not interrupted. For instance, financial transactions can be prioritized over normal web surfing by using an IPS.
Network Intrusion Prevention and Zero-Day Threat Prevention
An IPS deploys a database of 'generic attack behaviors' intended to block unknown attacks, in addition to a signature database that contains known attack patterns. This functionality is referred to as zero-day threat prevention. A zero-day threat is a type of malicious code that is powerful enough to mislead even antivirus and anti-spyware software. You may deploy this functionality on your network, but it may block legitimate traffic by falsely identifying it as an attack. This is not the case with an Intrusion Detection System (IDS), which detects but does not block. The idea is therefore to first configure your IPS device to work like an IDS, so that it collects traffic and lets the administrator recognize any false-positive flows. These flows can then be excluded from the inspection engine once the system is switched to act as an IPS.
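The tuning workflow described above, as an added example that is not from the original post or any vendor: a toy inline engine with a signature list and a crude "generic behaviour" rule is first run in IDS (alert-only) mode, alerts on flows the administrator knows to be legitimate are treated as false positives and excluded from inspection, and only then is the engine switched to IPS (drop) mode. The signatures, the size heuristic, the addresses and the traffic are all constructed for the demo.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes
    def flow(self):
        return (self.src, self.dst, self.dport)

SIGNATURES = {"sqli_tautology": b"' OR 1=1", "path_traversal": b"../../"}  # constructed demo patterns

def inspect(pkt):
    # Signatures first, then a crude "generic behaviour" rule (payload size) prone to false positives.
    for name, pattern in SIGNATURES.items():
        if pattern in pkt.payload:
            return name
    return "generic_oversized_payload" if len(pkt.payload) > 200 else None

class InlineEngine:
    def __init__(self, mode="ids"):
        self.mode = mode       # "ids": alert only; "ips": alert and drop
        self.alerts = []       # (flow, verdict) pairs
        self.excluded = set()  # flows exempt from inspection
    def process(self, pkt):
        if pkt.flow() in self.excluded:
            return "forward"
        verdict = inspect(pkt)
        if verdict is None:
            return "forward"
        self.alerts.append((pkt.flow(), verdict))
        return "drop" if self.mode == "ips" else "forward"

def tune_then_enforce(packets, known_good_flows):
    # Pass 1 in IDS mode: nothing is dropped, alerts are collected for review.
    eng = InlineEngine("ids")
    for p in packets:
        eng.process(p)
    # Alerts on flows the admin knows are legitimate are false positives; exclude them.
    eng.excluded |= {flow for flow, _ in eng.alerts if flow in known_good_flows}
    eng.mode, eng.alerts = "ips", []  # pass 2 in IPS mode over the same traffic
    return eng, [eng.process(p) for p in packets]

# Constructed traffic: a legitimate bulk transfer, an injection attempt, normal browsing.
SAMPLE = [Packet("10.0.0.5", "10.0.0.9", 445, b"A" * 300),
          Packet("198.51.100.7", "10.0.0.10", 80, b"GET /login?u=x' OR 1=1-- HTTP/1.1"),
          Packet("10.0.0.21", "10.0.0.10", 80, b"GET /index.html HTTP/1.1")]
KNOWN_GOOD = {("10.0.0.5", "10.0.0.9", 445)}
```

In IDS mode the oversized backup transfer raises an alert but is still forwarded; after exclusion and the switch to IPS mode only the injection attempt is dropped.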
