IPS (Intrusion Prevent System) and IDS (Intrusion Detection System) are systems developed to ensure internet network security. You can find details about these systems used to detect and prevent cyber threats in our article.
What is IPS (Intrusion Prevention System)?
IPS (Intrusion Prevention System), a cyber attack prevention system, monitors and prevents dangerous, suspicious and risky activities. IPS constantly monitors and controls traffic on the network. When it detects an abnormal situation, it restricts the data flow and sends a warning to the network administrator.
How Does IPS (Intrusion Prevention System) Work?
The IPS system is generally located behind the firewall. In cases where malicious activity is detected, it performs many automatic actions such as resetting the connection, alerting administrators, and blocking traffic from the source address.
There are also several different methods used to identify threats:
Signature Based: This terminology emerged because the detected threats were expressed as signatures by anti-virus programs. This approach is used to prevent previously known network threats from causing a problem again.
Anomaly-Based: In the anomaly-based method, which is more reliable than signature-based monitoring, it compares the activities on the network with basic standards. Artificial intelligence and machine learning are used to support this method.
Policy-Based: Less common than signature-based or anomaly-based method. Activities that threaten the security principles defined by the organization or create suspicious situations are blocked. For this, it is necessary to determine and configure security policies beforehand.
What are the IPS (Intrusion Prevention System) Types?
NBA (Network Behavior Analysis): Used to detect unusual traffic behavior on the network, such as DDoS attacks.
HIPS (Host Based Intrusion Prevention): It does not control the entire network, it only controls the traffic on the computer on which it is installed.
NIPS (Network-Based Intrusion Prevention): Helps monitor threats in network traffic for proactive scanning.
WIPS (Wireless Intrusion Prevention Systems): Used to monitor threats on the Wi-Fi network and prevent unauthorized access.
What is IDS (Intrusion Detection System)?
It is a software or hardware security system that is used to constantly monitor and scan a network against situations such as security vulnerabilities, potential attacks, and suspicious activities. In addition to basically detecting attacks, the IDS system also has different functions such as quarantining, reporting and recording. It can also be used integrated with the IPS system.
What are the IDS Types?
Network Intrusion Detection System (NIDS): It is installed at a planned point within the network to examine traffic from all devices on the network. Alerts can be sent when an attack is detected or abnormal activity is observed.
Host Intrusion Detection System (HIDS): Operates on individual hosts or devices on the network. It monitors incoming and outgoing traffic and alerts the administrator when suspicious activity is detected.
Protocol-based Intrusion Detection System (PIDS): Checks the protocol between the user or device and the server.
In summary, both systems can run behind a firewall. Additionally, it can operate both in hardware and software. The aim is to detect potential attacks using IDS and the action to be taken is reported. IPS can take action automatically. The aim is to stop and prevent attacks by using IPS.
