intrusion prevention system (IPS)
In contrast to an intrusion detection system (IDS), the intrusion prevention system (IPS) does not have a monitoring and alarming function, but directly controls the traffic. The IPS is connected directly into the data lines and monitors the incoming and outgoing data packets of the network components or the host.
Attacks and bit patterns that deviate from normal data traffic are detected via signatures and removed from the data traffic before they reach the receiving station. This blocking function is supported by intelligent behavior patterns and anomaly-detection algorithms operating at the application level.
IPS systems should perform data analysis at high speed and must not block legitimate traffic even under heavy load. Such systems can be integrated with next-generation firewalls (NGFW). Protection mechanisms such as signature analysis, protocol deviation detection, firewall functions, and access controls must be robust. Depending on their design, IPS systems can be host-based, such as the host-based intrusion prevention system (HIPS), which monitors traffic from endpoints, or can monitor WLAN traffic, such as the wireless intrusion prevention system (WIPS), for malicious attacks.
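The following added example (not part of the original entry) illustrates the inline behavior described above: the same inspection logic, combining signature analysis with a simple protocol deviation check, only raises alerts in IDS mode but removes offending packets in IPS mode. The packet format, signature set, and function names are assumptions made for illustration, and the traffic is constructed.

```python
import re

# Constructed signatures for illustration; real IPS rule sets are far larger.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-union-select": re.compile(rb"(?i)union(?:\s|\+|%20)+select"),
}
# Protocol deviation check: traffic to port 80 must begin with an HTTP request line.
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n")


def inspect(packet):
    """Return the reasons (possibly none) why a packet is considered malicious."""
    payload = packet["payload"]
    reasons = [name for name, rx in SIGNATURES.items() if rx.search(payload)]
    if packet["dst_port"] == 80 and not HTTP_REQUEST_LINE.match(payload):
        reasons.append("http-protocol-deviation")
    return reasons


def process(packets, mode):
    """mode='ids': forward everything and only alert. mode='ips': drop on match."""
    forwarded, alerts = [], []
    for pkt in packets:
        reasons = inspect(pkt)
        if reasons:
            alerts.append((pkt["id"], reasons))
            if mode == "ips":
                continue  # inline: removed before it reaches the receiving station
        forwarded.append(pkt["id"])  # legitimate traffic must always pass
    return forwarded, alerts


# Constructed sample traffic (hypothetical payloads).
SAMPLE = [
    {"id": 1, "dst_port": 80, "payload": b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n"},
    {"id": 2, "dst_port": 80, "payload": b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"},
    {"id": 3, "dst_port": 80, "payload": b"\x00\x01binary-not-http"},
    {"id": 4, "dst_port": 80, "payload": b"GET /q?id=1+UNION+SELECT+1 HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, process(SAMPLE, mode))
```

Both modes produce identical alerts; the difference is only in what reaches the receiver, which is why false positives are costlier in an IPS than in an IDS.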