INTRUSION PREVENTION SYSTEM (IPS) - Coggle Diagram
INTRUSION PREVENTION SYSTEM (IPS)
HOW DOES AN IPS WORK?
-By scanning forwarded network traffic for malicious activity and known attack patterns.
-Drops packets determined to be malicious, and follows up this action by blocking all future traffic from the attacker's IP address or port.
-Records information related to observed events, notifies the security administrator and produces reports.
DIFFERENT THREATS THAT AN IPS IS DESIGNED TO PREVENT:
-various types of exploits
-worms
-Distributed Denial of Service (DDoS) attacks
-viruses
-Denial of Service (DoS) attacks
WHY IS AN IPS IMPORTANT:
-Cyber attacks will only become more sophisticated, so it is important that protection technologies adapt along with the threats.
-To ensure safe and trusted communication of information between organizations.
Disadvantages of IPS
Weak damage assessment capabilities
Weak malicious insider activity detection
Definition
An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine.
ADVANTAGE OF INTRUSION PREVENTION SYSTEM (IPS)
Fewer security incidents. While connected units typically do not notice any changes, the IPS ensures less disruption for university systems and a reduced number of security incidents.
Selective logging. The IPS only records network activity when it takes action, maintaining the privacy of network users.
Privacy protection. The IPS compares network traffic against a list of known malicious traffic and does not store or view content.
Reputation-managed protection. The IPS subscribes to a reputation-based list of known malicious sites and domains, which it uses to proactively protect the university.
Example: Phishing or Malware attempts: If a university staff member clicks on a link in a phishing email or a malware ad for a site that is on the IPS denylist of known malicious sites, traffic would be blocked and the staff member would see a blank page.
Multiple threat protection. The IPS offers zero-day threat protection, mitigates brute force password attempts, and provides protection against availability threats, such as DDoS and DoS attempts.
Example: Brute Force Password Attempt: If a criminal attempts to gain access to a university account through brute force (e.g., repeated login attempts), the IPS can monitor the size of the data movements, recognize unusual patterns, and block access.
Dynamic threat response. The IPS can be fine-tuned to recognize and respond to particular threats, allowing the university to react to identified threats to university business.
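The behaviours listed under "How does an IPS work" and the denylist and brute-force examples above, modelled as one small inline IPS. This is an added example, not Coggle's or any vendor's code; the signatures, denylist entry, threshold and sample packets are all constructed values.

```python
"""Minimal inline IPS model: added example, not Coggle's or any vendor's code.
Scans traffic for known attack patterns, checks a reputation denylist, counts
failed logins, drops the offending packet, blocks all future traffic from that
source, and logs only when it takes an action (constructed values throughout)."""
from collections import defaultdict

SIGNATURES = {"sig-dir-traversal": b"../../", "sig-shell-meta": b";/bin/sh"}
DENYLIST = {"evil.example"}          # hypothetical reputation list entry
BRUTE_FORCE_LIMIT = 5               # failed logins per source before blocking


class InlineIPS:
    def __init__(self):
        self.blocked = set()                   # sources whose future traffic is dropped
        self.failed_logins = defaultdict(int)  # per-source failed login counter
        self.log = []                          # selective logging: actions only

    def _block(self, src, reason):
        self.blocked.add(src)
        self.log.append(f"DROP+BLOCK src={src} reason={reason}")
        return "drop"

    def inspect(self, pkt):
        """Return 'forward' or 'drop' for one packet (a dict)."""
        src = pkt["src"]
        if src in self.blocked:                # follow-up action: source is blocked
            return "drop"
        for name, pattern in SIGNATURES.items():   # known attack patterns
            if pattern in pkt.get("payload", b""):
                return self._block(src, name)
        if pkt.get("host") in DENYLIST:        # reputation-managed protection
            return self._block(src, "denylist:" + pkt["host"])
        if pkt.get("login_failed"):            # brute-force password attempts
            self.failed_logins[src] += 1
            if self.failed_logins[src] >= BRUTE_FORCE_LIMIT:
                return self._block(src, "brute-force")
        return "forward"                       # benign: nothing logged


def run(packets):
    """Feed packets through one IPS instance; return (verdicts, log)."""
    ips = InlineIPS()
    return [ips.inspect(p) for p in packets], ips.log


# Constructed sample traffic: benign, exploit attempt, retry from the same
# source, then five failed logins from a third source.
SAMPLE = [
    {"src": "10.0.0.5", "host": "intranet.example", "payload": b"GET /index"},
    {"src": "10.0.0.9", "host": "intranet.example", "payload": b"GET /../../x"},
    {"src": "10.0.0.9", "host": "intranet.example", "payload": b"GET /index"},
] + [{"src": "10.0.0.7", "login_failed": True}] * 5
```

`run(SAMPLE)` yields verdicts for the eight packets and a two-entry log, one line per blocking action; the benign packets and the first four failed logins leave no log entry at all.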
Prevention action
A proactive process to identify opportunities for improvement in response to identified problems or complaints.
A change implemented to address a weakness in a management system that is not yet responsible for causing a nonconforming product or service.
Example
Performing regular maintenance on equipment and machinery
Implementing new training programs for employees
Types of Intrusion Prevention System
Wireless intrusion prevention system
Considered another type of intrusion detection system, one that operates over a wireless network.
Used to monitor malicious activity on wireless networks.
Network-based intrusion prevention system
This can be considered the other kind of IPS, deployed in the network in order to prevent malicious activities.
The purpose of this IPS is to monitor, or keep a check on, the entire network.
Host-based intrusion prevention system
A type of intrusion prevention system that operates on a single host.
Intended to ensure that no malicious activity occurs on the internal network.
Network behaviour analysis
Used to understand the network's behaviour; all traffic moving through the network remains under sustained surveillance by this system.
Its main purpose is to ensure that no malicious packets can be crafted and transmitted through the internal network.
Types Of Prevention
Secondary Prevention
Early disease detection, making it possible to prevent the worsening of the disease and the emergence of symptoms, or to minimize complications and limit disabilities before the disease becomes severe.
Tertiary Prevention
Aims to reduce the negative impact of an already-established disease by restoring function and reducing disease-related complications.
Primary Prevention
Aims to avoid the development of a disease or disability in healthy individuals.