Please enable JavaScript.

Coggle requires JavaScript to display documents.

11.- IPS Technologies - Coggle Diagram

- - - - Send an alarm to a syslog server or a centralized management interface
      - Drop the packet
      - Reset the connection
      - Deny traffic from the source IP address of the threat for a specified amount of time
      - Deny traffic on the connection for which the signature was seen for a specified amount of time
  - - - IDS mode - Snort inspects the traffic and reports alerts, but does not take any action to prevent attacks.
        IPS mode - In addition to intrusion detection, actions are taken to prevent attacks.
- - - - The IDS works passively.
      - The IDS device is physically positioned in the network so that traffic must be mirrored in order to reach it.
      - Network traffic does not pass through the IDS unless it is mirrored.
      - Very little latency is added to network traffic flow.
  - - - IDS and IPS technologies are both deployed as sensors. An IDS or IPS sensor can be in the form of several different devices:
      - A router configured with IPS software
      - A device specifically designed to provide dedicated IDS or IPS services
      - A hardware module installed in an adaptive security appliance (ASA), switch, or router
- - - - A network-based IPS can be implemented using a dedicated or non-dedicated IPS device such as a router. Network-based IPS implementations are a critical component of intrusion prevention. Host-based IDS/IPS solutions must be integrated with a network-based IPS implementation to ensure a robust security architecture.
      - Sensors detect malicious and unauthorized activity in real time and can take action when required. As shown in the figure, sensors are deployed at designated network points. This enables security managers to monitor network activity while it is occurring, regardless of the location of the attack target.