IPS Features

From Glitchdata
An intrusion prevention system (IPS) blocks a connection or service according to how it is programmed to react to specific incidents. If the IPS is triggered by incorrectly defined or nonstandard behaviour, it may block the service or connection of a critical internal system.


The majority of intrusion prevention systems use one of three detection methods:

  • signature-based
  • statistical anomaly-based
  • stateful protocol analysis.


Signature-based

A signature-based IDS monitors packets on the network and compares them with predetermined attack patterns, known as “signatures”.
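
The sketch below is an added example, not code from this page or from any IPS product. It matches constructed packets against constructed signatures and shows how an over-broad signature blocks legitimate traffic, with an alert-only override for critical hosts. The signature IDs, addresses and the `CRITICAL_HOSTS` list are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    dst_port: int
    pattern: re.Pattern  # bytes regex applied to the packet payload

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes

# Constructed signatures (illustrative, not taken from a real rule set).
SIGNATURES = [
    Signature(1001, "path traversal in HTTP request", 80,
              re.compile(rb"(?:\.\./){2,}")),
    # Over-broad: fires on any payload containing "select", not only on SQL.
    Signature(1002, "SQL keyword in HTTP request", 80,
              re.compile(rb"(?i)select")),
]

# Assumption: hosts where a false positive must not interrupt service.
CRITICAL_HOSTS = {"10.0.0.5"}

def inspect(pkt, signatures=SIGNATURES, critical=CRITICAL_HOSTS):
    """Return (action, matched_sids); action is 'pass', 'alert' or 'block'."""
    hits = [s.sid for s in signatures
            if s.dst_port == pkt.dst_port and s.pattern.search(pkt.payload)]
    if not hits:
        return "pass", hits
    # Traffic to a critical host is alerted on rather than dropped, so a
    # badly defined signature cannot take that service down.
    if pkt.dst in critical:
        return "alert", hits
    return "block", hits

# Constructed sample traffic.
SAMPLES = [
    Packet("203.0.113.7", "10.0.0.20", 80, b"GET /../../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.31", "10.0.0.20", 80, b"GET /shop?view=selected-items HTTP/1.1\r\n"),
    Packet("10.0.0.31", "10.0.0.5", 80, b"POST /report?fields=selected HTTP/1.1\r\n"),
    Packet("10.0.0.31", "10.0.0.20", 80, b"GET /index.html HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.dst, *inspect(p))
```

The second sample is a false positive that gets blocked. The third hits the same signature but is only alerted on, because its destination is listed as critical.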