This report will explain the importance of the use of an Intrusion Prevention System for the
protection of your company from intrusions. The threat of network intrusion hangs over any
organisation that possesses a network open to the outside world. Because connectivity is the most
important aspect of the modern organisation, protection of this network is vital.
Firstly, I will describe the importance and role of an Intrusion Prevention System. Then I will give
examples of different types of Intrusion Protection Systems, and examples of some detection
methods. Finally, I will suggest the most appropriate methods of Intrusion Prevention System for
the company's particular needs.
Importance and Role of Intrusion Prevention Systems (IPS)
Companies often believe that because a firewall is already in place, this is enough protection
from intrusion. However, a firewall alone is insufficient for preventing intrusions.
In the 1990s, virtually all network-based attacks could be blocked with the combination of firewalls
and anti-virus software. That isn't the case today: most new attacks are targeted directly at web
applications. These attacks are impossible to defend against with firewalls and anti-virus software alone.
Without an IPS, attacks have a significantly greater chance to succeed.
Intrusion prevention systems, or IPSs, are devices or programs that are used to detect signs of
intrusions into networks or systems and take action. That action consists of generating alarms
and/or actively blocking intrusions. IPSs usually take the form of purpose-built hardware devices,
software agents that run on servers, or software programs that run within virtualized environments.
Firewalls and IPSs are both essential tools for protecting an enterprise from intrusions. Both are
needed, primarily because they're each designed to look at different things:
A firewall is designed to block all network traffic except that which is explicitly allowed.
An intrusion prevention system is designed to permit everything except that which is
explicitly disallowed.
A firewall is designed to permit (or block) network packets based on their source,
destination, and port number, regardless of the contents of each packet's payload (the
contents of the message).
An intrusion prevention system is designed to permit (or block) network packets based on
the packet's payload.
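The contrast above, as an added example that is not part of the original report: a default-deny firewall that looks only at source, destination and port, followed by a default-permit IPS that looks only at the payload. The addresses, rule set, signature names and sample packets are constructed for illustration, and the byte-pattern matching is a simplification of what a real IPS does.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

# Firewall: default deny. Only explicitly allowed (src, dst, port) rules pass.
# "*" means any source. Constructed rule set for a public web server.
FIREWALL_ALLOW = [("*", "10.0.0.5", 80), ("*", "10.0.0.5", 443)]

# IPS: default permit. Only payloads matching a signature are blocked.
# Constructed, deliberately simple signatures.
IPS_SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./"),
    "script-tag": re.compile(rb"<script", re.IGNORECASE),
}

def firewall_permits(pkt):
    """Decide on addressing only; the payload is never inspected."""
    return any(src in ("*", pkt.src) and dst == pkt.dst and port == pkt.dport
               for src, dst, port in FIREWALL_ALLOW)

def ips_match(pkt):
    """Return the name of the first signature found in the payload, or None."""
    for name, sig in IPS_SIGNATURES.items():
        if sig.search(pkt.payload):
            return name
    return None

def verdict(pkt):
    """Run the packet through the firewall first, then the IPS."""
    if not firewall_permits(pkt):
        return "blocked by firewall"
    hit = ips_match(pkt)
    return f"blocked by IPS ({hit})" if hit else "delivered"

# Constructed sample traffic: a normal request, a malicious request on the
# same allowed port, and a connection to a port no rule allows.
SAMPLES = [
    Packet("198.51.100.7", "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("198.51.100.7", "10.0.0.5", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("198.51.100.7", "10.0.0.5", 23, b"login: "),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.dport, p.payload[:32], "->", verdict(p))
```

The second sample passes the firewall because port 80 is allowed, and is stopped only by the payload check, which is why both controls are needed.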