A few months back I came across a technology called the Intrusion Prevention System, so I thought of sharing it with you. First let us see what this technology is, and then we will cover its types and the present scenario.
Before going into the details, you must first know how network security traditionally works. Say an attacker is trying to compromise your system and sends it a malicious payload. The firewall is there to protect your system from such malicious packets. It is placed between your network and the Internet, so all the traffic that goes to your computer has to pass through it.
The firewall extracts the header of each packet sent to your system and looks at a few basic pieces of information: the source address (who sent the packet), the destination address (where the packet is being sent) and the port number. Based on a set of rules, the firewall decides whether the packet should be allowed or blocked: if it notices a suspicious address it blocks the packet, otherwise it lets the packet pass.
It may seem that the firewall handles everything and our system is secure from attacks, but that is not true. What if an attacker hides the malicious code inside the content? An attacker may send a packet whose payload carries malicious content while its headers are perfectly fine. Web application attacks are the most common for this reason. Web applications run on a layer above the network layer, so the firewall is not able to detect the malicious code. In this way, an attacker can easily exploit a vulnerability in a web application.
So the question arises: how do we protect our network from such attacks?
Well, this is where the Intrusion Prevention System (IPS) comes in handy.
An Intrusion Prevention System is another layer between the Internet and your network. However, it inspects traffic more deeply than a firewall does: it checks the content of packets and examines whether what is passing through the network is malicious.
An Intrusion Prevention System works in one of two modes: passive and active.
In passive mode, the IPS creates a copy of every packet being sent to the network. It then examines the copy in depth, including the content, and if it finds malicious content it sends an alert message to the console.
In active mode, the IPS sits on the network path itself and examines all the traffic going through the network. If it finds malicious content in a packet, it blocks the packet and also sends an alert message. In active mode, however, performance is a major factor: the IPS examines each and every packet and lets it pass to the system only after full verification, so the device needs to be fast or it will slow the network down.
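The difference between a header-only firewall check and IPS content inspection, and between passive and active mode, can be shown in a few lines. This is an added example, not code from the original article; the packet model, addresses, rules and signatures are all constructed assumptions and far simpler than a real IPS rule set.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes

@dataclass
class Packet:
    src: str
    dst: str
    port: int
    payload: bytes

# Constructed firewall policy: it only ever looks at header fields.
BLOCKED_SOURCES = {"203.0.113.66"}
ALLOWED_PORTS = {80, 443}

# Constructed, deliberately simple content signatures for the IPS layer.
SIGNATURES = {
    "sql-injection": re.compile(rb"(?i)union\s+select"),
    "script-tag": re.compile(rb"(?i)<script\b"),
}

def firewall_allows(pkt):
    """Header check: source address and destination port only."""
    return pkt.src not in BLOCKED_SOURCES and pkt.port in ALLOWED_PORTS

def inspect(pkt):
    """Content check: decode URL encoding, then match every signature."""
    body = unquote_to_bytes(pkt.payload.replace(b"+", b" "))
    return [name for name, rx in SIGNATURES.items() if rx.search(body)]

def process(pkt, mode):
    """Return (forwarded, alerts) for mode 'passive' or 'active'."""
    if not firewall_allows(pkt):
        return False, []            # dropped on headers alone
    alerts = inspect(pkt)
    if mode == "active" and alerts:
        return False, alerts        # inline: block and alert
    return True, alerts             # passive: alert only, traffic passes

# Constructed sample packets (documentation address ranges).
BENIGN = Packet("198.51.100.7", "192.0.2.10", 443, b"GET /index.html HTTP/1.1")
BAD_SRC = Packet("203.0.113.66", "192.0.2.10", 80, b"GET / HTTP/1.1")
HIDDEN = Packet("198.51.100.7", "192.0.2.10", 80,
                b"GET /item?id=1+UNION+SELECT+name+FROM+users HTTP/1.1")

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("bad source", BAD_SRC), ("hidden", HIDDEN)]:
        print(name, firewall_allows(pkt), process(pkt, "passive"), process(pkt, "active"))
```

The `HIDDEN` packet has clean headers, so the firewall check passes it; only the content inspection flags it, and only active mode stops it from being forwarded.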
Intrusion Prevention Systems can be classified into 4 types:
This type of IPS monitors the network and always hunts for suspicious behavior by evaluating protocol activity.
This type of IPS is almost the same as the one above, the difference being that it analyzes wireless protocol activity to detect suspicious behavior on the network.
This type of Intrusion Prevention System is used for certain types of anomaly, such as a Distributed Denial of Service (DDoS) attack or some type of malware present in the network. So we can say that NBA is used against potential threats in the network that generate unusual traffic.
This type of IPS is used by a particular system in the network, and it is only responsible for monitoring the traffic within that particular system or host.
In 2014, the IPS market was worth $2.716 billion, and by 2019 the Intrusion Prevention System market will be worth $5.042 billion. In the past few years we have seen some of the most sophisticated attacks in cyberspace, and hackers are continuously exploring new options to take cyber attacks to the next level.
In this scenario, the Intrusion Prevention System will be crucial for SMEs and MNCs, and IT companies have started investing part of their security budget in IPS.
CEO and Founder at Mighty Shouts.