What are the types of Intrusion Prevention System?

Information SecuritySafe & SecurityData Structure

There are several types of intrusion prevention system which are as follows −

Host-based IPS (HIPS) − A host-based IPS is one where the intrusion-prevention application is local on that specific IP address, generally on a single device. HIPS compliments traditional finger-print-based and heuristic anti-virus detection approaches, because it does not need continuous upgrades to stay ahead of new malware.

A comprehensive use of system resources can be a disadvantage of current HIPS, which integrate firewall, system-level action control and sandboxing into a coordinated disclosure net, on top of a traditional AV product.

This extensive protection designs can be warranted for a laptop computer frequently working in untrusted environments (e.g., on cafe or airport Wi-Fi networks), but the heavy defenses can create their toll on battery life and clearly impair the generic responsiveness of the computer as the HIPS protective element and the traditional AV product check each document on a PC to view if it is malware against a large blacklist.

Rather than if HIPS is combined with an AV product using whitelisting technology then there is far less need of system resources as some applications on the computers are trusted (whitelisted). HIPS as an application then becomes an authentic alternative to traditional anti-virus products.

Network-based IPS (NIPS) − A network-based IPS is one where the IPS application and some actions taken to avoid an intrusion on a specific network host(s) is completed from a host with multiple IP address on the network.

Network intrusion prevention systems are purpose-built hardware/software platforms that are intended to analyze, identify, and files on security associated events. NIPS are designed to inspect traffic and depends on their configuration or security policy, they can drop malicious traffic.

Content-based IPS (CBIPS) − A content-based IPS (CBIPS) check the content of network packets for specific sequences, known as signatures. It can identify and hopefully prevent known types of attack including worm infections and hacks.

Protocol Analysis − A key development in IDS/IPS technologies was the need of protocol analyzers. Protocol analyzers can inherently decode application-layer network protocols, such as HTTP or FTP. Because the protocols are completely decoded, the IPS analysis engine can compute multiple elements of the protocol for anomalous behavior or exploits.

Rate-based IPS (RBIPS) − Rate-based IPS (RBIPS) are primarily designed to avoid Denial of Service and Distributed Denial of Service attacks. They work by monitoring and understanding normal network behaviors. RBIPS can recognize abnormal rates for specific types of traffic such as TCP, UDP or ARP packets, connections per second, packets per connection, packets to specific ports etc.

Updated on 04-Mar-2022 10:00:02