Efficiency of the Intrusion Prevention system

Efficiency of the Intrusion Prevention system

Also known as Prevention and Intrusion detection systems, the Intrusion prevention systems (IPS) are  used in monitoring activities which are malicious in nature and which are also related to the network. Expected functions for IPS include prevention and identification of malicious activities and stop them from progressing further.

There are different methods  to see if IPS is in the active state or not. This is as provided below:

• Anomaly detection vs misuse detection : In case of anomaly detection, the system administrator defines the baseline.The anomaly detector helps in monitoring the network segments and also compares the various states of them to the normal and prescribed baselines and then would see for any anomalies.In the case of misuse detection, IDS would  use the information compares with large databases containing attack signatures and analyze them.IDS would be looking at the specific details of the already well documented attack.The misuse detection software or the virus detection system is good only if the  database containing the attack signature is good and the comparison procedure it does against the packets.
• Host-based systems vs Network-based : In host based system, the focus is on the examination of the activities on the each individual host or computer.However in the case of  network-based system, the focus is on the analysis of individual packets which flow through the network.They can detect malicious packets filtering rules which could be simplistic.
• Reactive system vs passive system : In a reactive system, the IDS  is reacting to malicious activities by either of logging off  or with the help or programming the firewall, which in turn blocks the traffic from the network especially from the suspected source.. In the  passive system, IDS provides signals which alert the system to know there is a potential security breach.