What is IDS / IPS?

GhostWins, 29 Feb 2020



First of all, what is IDS?

In general terms, IDS systems provide real-time detection of potential threats or attacks that could affect the operation of trusted, protected systems. Every packet passing over the network is examined and the relevant details are written to the system's log records. The important point is that an IDS only monitors: it takes no countermeasures itself. Threats are only detected and, in a correctly configured setup, the relevant personnel are notified. IPS systems are the improved version of IDS systems.






What is IPS?


IPS (Intrusion Prevention System) is a security technology, specifically a network security system. The main functions of intrusion prevention systems are to identify malicious attacks and events (SQL injection, DoS, DDoS, etc.), collect information about the attack or activity, report it, and try to prevent or stop it.


Intrusion prevention systems are considered extensions of intrusion detection systems (IDS), since both IPS and IDS inspect network traffic and system activity for malicious activity.

An IPS typically records information about observed events, notifies security administrators of significant events, and generates reports. Many IPS can also respond to a detected threat by trying to prevent it from succeeding. They use a variety of response techniques: stopping the attack itself, changing the security environment, or changing the context of the attack.





What is the Difference Between IPS and IDS?

An IDS only detects and reports attacks.

An IPS monitors for attacks and blocks them.





Intrusion Prevention System (IPS) Classification

Intrusion Prevention System (IPS) is classified into 4 types:

1-) Network-based intrusion prevention system (NIPS):
It monitors the entire network for suspicious traffic by analyzing protocol activity.

2-) Wireless intrusion prevention system (WIPS):
Monitors a wireless network for suspicious traffic by analyzing wireless network protocols.

3-) Network behavior analysis (NBA):
It examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial-of-service attacks (DDoS), certain forms of malware, and policy violations.

4-) Host-based intrusion prevention system (HIPS):
A software package installed on a single host that monitors that host for suspicious activity by analysing the events occurring on it.







What are Intrusion Prevention System (IPS) Detection Methods?

a-) Signature-based detection:
A signature-based IDS inspects packets on the network and compares them against pre-generated attack patterns known as signatures.

b-) Statistical anomaly-based detection:
An anomaly-based IDS monitors network traffic and compares it against an established baseline. The baseline determines what is normal for that network and which protocols are used. However, it can raise false alarms if the baseline is not configured carefully.

c-) Stateful protocol analysis detection:
This method identifies deviations from expected protocol behaviour by comparing observed events with pre-built profiles of generally accepted, benign activity.
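The following is an added example, not code from the original post or from any IDS/IPS product. It puts the signature-based and anomaly-based methods above, and the IDS-versus-IPS distinction from earlier in the post, into a small working detector. The packets, the two signatures and the baseline counts are all constructed for the demonstration; a real sensor would read live traffic and carry a far larger signature set.

```python
import re
import statistics
from dataclasses import dataclass, field

# Constructed sample packets (not captured traffic): (source IP, destination port, payload).
# The last entry simulates one source sending far more than the others.
PACKETS = [
    ("10.0.0.5", 80, "GET /index.html HTTP/1.1"),
    ("10.0.0.5", 80, "GET /login?user=admin' OR '1'='1 HTTP/1.1"),
    ("10.0.0.7", 443, "GET /api/items HTTP/1.1"),
    ("10.0.0.9", 80, "GET /about HTTP/1.1"),
] + [("10.0.0.42", 80, "GET / HTTP/1.1")] * 60

# Hypothetical signatures (name -> regex over the payload), standing in for the
# "pre-generated attack patterns" the post describes. Illustrative only.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*OR\s*'?1'?\s*=\s*'?1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed baseline: packets per source seen in earlier "normal" windows.
BASELINE_PER_SOURCE = [3, 4, 5, 4, 6, 3, 5, 4]


@dataclass
class Verdict:
    alerts: list = field(default_factory=list)  # what an IDS reports
    blocked: set = field(default_factory=set)   # what an IPS additionally drops


def signature_detect(packets):
    """Signature-based method: compare each payload against known patterns."""
    hits = []
    for src, _port, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                hits.append((src, name))
    return hits


def anomaly_detect(packets, baseline, k=3.0):
    """Statistical anomaly method: flag sources whose packet count exceeds
    baseline mean + k * standard deviation. A poorly chosen baseline or k
    is exactly what produces the false alarms the post warns about."""
    threshold = statistics.mean(baseline) + k * statistics.stdev(baseline)
    counts = {}
    for src, _port, _payload in packets:
        counts[src] = counts.get(src, 0) + 1
    return [(src, "rate-anomaly") for src, n in counts.items() if n > threshold]


def analyze(packets, mode="ids"):
    """IDS mode only records alerts; IPS mode also decides what to block."""
    verdict = Verdict()
    verdict.alerts = signature_detect(packets) + anomaly_detect(packets, BASELINE_PER_SOURCE)
    if mode == "ips":
        # A real IPS would drop the packets or push a firewall rule here; this
        # example only returns the decision so it can be inspected.
        verdict.blocked = {src for src, _ in verdict.alerts}
    return verdict


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        v = analyze(PACKETS, mode)
        print(mode, "alerts:", v.alerts, "blocked:", sorted(v.blocked))
```

Running it in IDS mode yields two alerts and an empty block list; IPS mode yields the same alerts plus both offending sources in the block set. Calling anomaly_detect with an unrealistically small baseline such as [1, 1, 1, 1] flags an ordinary client too, which illustrates the false-alarm caveat from the passage above.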






What are the IPS Types?


There are 2 types of IPS they are:

NIPS (Network-based Intrusion Prevention System)
HIPS (Host-based Intrusion Prevention System)




Briefly, about NIPS: network-based IPS systems are placed at the main points of your network traffic and provide a high level of protection for the confidentiality, integrity and availability of the network. The main purpose of NIPS is to take the necessary precautions and actions against attack threats to your system as quickly as possible. NIPS detects malware activity or suspicious traffic by performing detailed protocol analysis. NIPS has a configuration and architecture capable of analysing high-bandwidth network traffic: it analyses this traffic in parallel while the current flow continues, draws meaningful conclusions from the packets, compares them with known threats and takes precautions within very short reaction times.





Briefly, about HIPS: a host-based IPS creates a defence mechanism against viruses and threats arriving from Internet traffic on individual systems such as servers (physical hosts or VM hosts) and workstations. It provides a security mechanism on the host from Layer 3 to Layer 7, that is, from the network layer to the application layer.
As for the advantages of HIPS: it raises security to the highest level through the security policy it enforces on externally exposed systems, such as those of corporate or public institutions. Because it runs on the host, it also provides an important safeguard against attacks and threats originating from the local network.
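Because a HIPS works from events on the host rather than from packets in transit, the added example below (not code from the original post or from any HIPS product) reads constructed sshd-style authentication log lines, applies a sliding-window rule for repeated failed logins per source, and in IPS mode returns the host-firewall deny entries it would apply. The log lines, the hostname, the addresses and the threshold are all invented for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth-log lines in syslog style (not from a real host).
AUTH_LOG = """\
Mar 01 10:00:01 host1 sshd[812]: Failed password for invalid user test from 203.0.113.7 port 51000 ssh2
Mar 01 10:00:03 host1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar 01 10:00:04 host1 sshd[812]: Accepted publickey for alice from 198.51.100.20 port 40100 ssh2
Mar 01 10:00:05 host1 sshd[812]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 01 10:00:06 host1 sshd[812]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 01 10:00:08 host1 sshd[812]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 01 10:05:00 host1 sshd[812]: Failed password for bob from 198.51.100.20 port 40101 ssh2
""".splitlines()

# Matches the timestamp, outcome, user and source address of an sshd auth line.
LINE_RE = re.compile(
    r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (Failed|Accepted) \S+ for "
    r"(?:invalid user )?(\S+) from (\S+) port"
)


def parse(line, year="2020"):
    """Return (timestamp, outcome, user, source) or None for lines we do not model.
    Syslog lines carry no year, so one is supplied (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4)


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Sliding window per source: flag a source once it reaches `threshold`
    failed logins within `window_s` seconds. Successful logins are ignored."""
    recent = defaultdict(deque)
    flagged = set()
    for line in lines:
        event = parse(line)
        if event is None or event[1] != "Failed":
            continue
        ts, _outcome, _user, src = event
        window = recent[src]
        window.append(ts)
        # Drop failures that fell out of the window.
        while window and (ts - window[0]).total_seconds() > window_s:
            window.popleft()
        if len(window) >= threshold:
            flagged.add(src)
    return flagged


def hips_actions(lines, mode="ids"):
    """IDS mode only reports flagged sources; IPS mode also returns the deny
    entries a host firewall would receive (returned, not applied, here)."""
    flagged = detect_bruteforce(lines)
    deny = [f"deny from {src}" for src in sorted(flagged)] if mode == "ips" else []
    return flagged, deny


if __name__ == "__main__":
    print(hips_actions(AUTH_LOG, "ids"))
    print(hips_actions(AUTH_LOG, "ips"))
```

The source 203.0.113.7 reaches five failures within seven seconds and is flagged; 198.51.100.20 has one failure and one key-based success and is left alone. Raising the threshold to six makes the rule miss the burst, which shows why window and threshold need tuning against the host's normal login pattern.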




Have a nice day







Translator: @GhostWins
Author: @Loux