Intrusion Prevention Systems (IPS)

Cyber Security Mastery: From Zero to Hero

IDS vs. IPS

If an IDS is an alarm system, an Intrusion Prevention System (IPS) is an alarm system that can also lock the doors.

Functionality

An IPS operates similarly to an IDS by monitoring traffic, but it is placed in-line with the network traffic, so every packet must pass through it before being forwarded. When it detects an attack, it takes immediate, automatic action to stop it before it reaches the target.

Prevention Actions

An IPS can:

  1. Drop the Malicious Packets: Immediately discard the packets causing the alert.
  2. Block the Source IP: Temporarily or permanently add a rule to the firewall to block all traffic from the originating IP address.
  3. Reset the Connection: Terminate the TCP session between the attacker and the victim.

Drawback

An IPS can introduce latency, because each packet is inspected before it is forwarded, and, if configured poorly, it may block legitimate traffic (False Positives), potentially causing a self-imposed Denial of Service (DoS).
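The following is an added example, not part of the course material: a small in-line IPS simulation in Python that applies the three prevention actions listed above (drop the packet, block the source IP with a temporary or permanent entry, reset the connection) and includes one common safeguard against the false-positive self-DoS described in the Drawback section, an allowlist of trusted sources that are alerted on but never blocked. The rules, signatures, IP addresses and packets are constructed for the demonstration; the rule format loosely mirrors the `sid`/`msg`/`content` fields of signature-based engines but is not any real product's syntax.

```python
from dataclasses import dataclass
from typing import Optional
import time


@dataclass
class Packet:
    """A constructed, simplified packet: just the fields the IPS needs."""
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes


@dataclass
class Rule:
    """A signature with the prevention action to take when it matches."""
    sid: int
    msg: str
    pattern: bytes
    action: str                          # "drop", "block_source" or "reset"
    block_seconds: Optional[float] = None  # for block_source: None means permanent


# Constructed toy rule set (hypothetical signatures, not real vendor rules).
RULES = [
    Rule(1000001, "SQL keyword in HTTP request", b"UNION SELECT", "block_source", block_seconds=60),
    Rule(1000002, "known-bad test marker", b"EVIL-TEST-STRING", "reset"),
    Rule(1000003, "drop-only test marker", b"DROP-ME", "drop"),
]


class InlineIPS:
    """Every packet passes through process(); the return value is the forwarding verdict."""

    def __init__(self, rules, allowlist=(), clock=time.monotonic):
        self.rules = list(rules)
        self.allowlist = set(allowlist)   # trusted sources: alert only, never block
        self.clock = clock                # injectable clock makes block expiry testable
        self.blocked = {}                 # src_ip -> expiry time (float("inf") = permanent)
        self.resets = []                  # (src, dst, port) for which a TCP RST would be sent
        self.alerts = []                  # (sid, src_ip) of every signature match

    def _is_blocked(self, ip):
        expiry = self.blocked.get(ip)
        if expiry is None:
            return False
        if self.clock() >= expiry:        # temporary block has lapsed: remove the entry
            del self.blocked[ip]
            return False
        return True

    def process(self, pkt):
        """Return "forward" or "drop" for one packet, applying IPS actions in-line."""
        if self._is_blocked(pkt.src_ip):
            return "drop"                 # action 2 in effect: everything from this source is dropped
        for rule in self.rules:
            if rule.pattern in pkt.payload:
                self.alerts.append((rule.sid, pkt.src_ip))
                if pkt.src_ip in self.allowlist:
                    # Safeguard against self-inflicted DoS: a trusted source is logged, not blocked.
                    return "forward"
                if rule.action == "block_source":
                    expiry = float("inf") if rule.block_seconds is None else self.clock() + rule.block_seconds
                    self.blocked[pkt.src_ip] = expiry
                elif rule.action == "reset":
                    # Real devices send RST to both ends; here we only record that it happened.
                    self.resets.append((pkt.src_ip, pkt.dst_ip, pkt.dst_port))
                return "drop"             # action 1: the offending packet never reaches the target
        return "forward"


def demo():
    """Run a constructed packet sequence through the IPS and return the verdicts and engine state."""
    clock = [0.0]                         # fake clock so the 60-second block expiry is deterministic
    ips = InlineIPS(RULES, allowlist={"10.0.0.5"}, clock=lambda: clock[0])
    verdicts = []
    verdicts.append(ips.process(Packet("203.0.113.7", "10.0.0.1", 80, b"GET /index.html")))         # clean
    verdicts.append(ips.process(Packet("203.0.113.7", "10.0.0.1", 80, b"GET /?id=1 UNION SELECT")))  # drop + block 60s
    verdicts.append(ips.process(Packet("203.0.113.7", "10.0.0.1", 80, b"GET /index.html")))         # dropped: source blocked
    clock[0] = 61.0                                                                                 # block expires
    verdicts.append(ips.process(Packet("203.0.113.7", "10.0.0.1", 80, b"GET /index.html")))         # forwarded again
    verdicts.append(ips.process(Packet("10.0.0.5", "10.0.0.1", 80, b"GET /?id=1 UNION SELECT")))     # trusted: alert only
    verdicts.append(ips.process(Packet("198.51.100.9", "10.0.0.1", 80, b"EVIL-TEST-STRING")))       # drop + reset
    return verdicts, ips


if __name__ == "__main__":
    verdicts, ips = demo()
    print("verdicts:", verdicts)
    print("alerts:", ips.alerts)
    print("resets:", ips.resets)
```

The allowlist is the part worth dwelling on: the packet from 10.0.0.5 matches the same signature as the one that got 203.0.113.7 blocked, but a trusted internal host is only alerted on, which is one way deployments keep a noisy signature from turning the IPS into the outage. The other usual mitigation, running new rules in detect-only mode before enabling their blocking action, is the same idea applied per rule rather than per source.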