Monday, March 4, 2019

Network Based Intrusion Prevention System (NIPS)

Definition

An intrusion prevention system sits in-line on the network and monitors the traffic, and when a suspicious event occurs it takes action based on prescribed rules. An IPS is an active, real-time device, unlike an intrusion detection system, which is not inline and is a passive device. Intrusion prevention systems are considered to be the evolution of intrusion detection systems.

Alternatively, an intrusion prevention system is ordinarily a hardware device that is connected to the network. Its function is to monitor the network for any unwanted behavior and to prevent such behavior. A Network Based Intrusion Prevention System (NIPS) is used to monitor the network as well as protect the confidentiality, integrity and availability of a network. Its main functions include protecting the network from threats such as Denial of Service and unauthorized usage.

Explanation

A network based intrusion prevention system monitors the network for malicious activity or suspicious traffic by analyzing the protocol activity. Once installed in a network, a NIPS is used to create physical security zones. This in essence makes the network intelligent, and it quickly discerns good traffic from bad traffic. In other words, the NIPS becomes like a prison for hostile traffic such as Trojans, worms, viruses and polymorphic threats.

NIPS are manufactured using high speed Application Specific Integrated Circuits (ASICs) and network processors. A network processor is different from a microprocessor. Network processors are used for high speed network traffic, since they are designed to execute tens of thousands of instructions and comparisons in parallel, unlike a microprocessor, which executes one instruction at a time.

NIPS are considered to be extensions of the present firewall technologies. Firewalls inspect only the first four layers of the OSI model of every packet of information flow. However, a NIPS inspects all seven layers of the OSI model, making it extremely difficult to hide anything in the last four layers of a packet.

The majority of network based intrusion prevention systems utilize one of the three detection methods. They are as follows:

Signature based detection: Signatures are attack patterns which are predetermined and also preconfigured. This kind of detection method monitors the network traffic and compares it with the preconfigured signatures so as to find a match. On successfully locating a match, the NIPS takes the next appropriate action. This type of detection fails to identify zero-day threats. However, it has proved to be very good against single packet attacks.

Anomaly based detection: This method of detection creates a baseline of average network conditions. Once a baseline has been created, the system intermittently samples network traffic on the basis of statistical analysis and compares the sample to the created baseline. If the activity is found to be outside the baseline parameters, the NIPS takes the necessary action.

Protocol state analysis detection: This type of detection method identifies deviations of protocol states by comparing observed events with predefined profiles.

Comparison of NIPS and HIPS

Network based intrusion prevention system:
- Monitors and analyzes all the network activities.
- Easier to set up, understand and implement.
- Proves to be better at detecting and preventing attacks or suspicious activities from the outside.
- Less expensive.
- Near real-time response.

Host based intrusion prevention system:
- Narrow in scope, watches only certain host activities.
- Much more complex to set up and understand when compared to NIPS.
- Better at detecting and preventing attacks from the inside.
- More expensive than NIPS.

Comparison of NIPS and NIDS

Network based intrusion prevention system:
- Acts as a network gateway.
- Stops and checks suspicious packets.
- Prevents successful intrusions.
- False positives are very bad.

Network based intrusion detection system:
- Unlike NIPS, it only observes network traffic.
- Logs suspicious activities and generates alerts.
- Cannot stop an intruder, unlike NIPS.
- False positives are not as big an issue when compared to a network based intrusion prevention system.

Summary

A network based intrusion prevention system must meet the very basic necessities of networking. They are as follows:

- Low latency: less than 3 ms, regardless of frame size, traffic mix, line rate or attack filter count.
- Large session counts: around 50,000 to 1,00,000 simultaneous sessions.
- Multi-gigabit speeds: to support backbone traffic and protect against internal attack.
- High availability: must automatically become a transparent switch should any internal component fail.
- Precision: should neither block nor drop good traffic.
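The signature based and anomaly based detection methods described above can be seen side by side in the following added example, which is not part of the original post. The signature patterns, traffic counts, threshold and all function names are constructed for illustration and do not come from any real IPS product.

```python
import re
import statistics

# Constructed signatures: (name, compiled byte pattern). Made-up markers,
# not rules taken from any real product.
SIGNATURES = [
    ("constructed-marker-A", re.compile(rb"BAD-PATTERN-A")),
    ("constructed-marker-B", re.compile(rb"BAD-PATTERN-B-\d+")),
]


def match_signature(payload: bytes):
    """Return the name of the first signature found in the payload, else None."""
    for name, pattern in SIGNATURES:
        if pattern.search(payload):
            return name
    return None


class RateBaseline:
    """Anomaly detection: packets per sampling interval vs. a learned baseline."""

    def __init__(self, training_counts, threshold_sigmas=3.0):
        self.mean = statistics.mean(training_counts)
        # Guard against a zero deviation when the training data is flat.
        self.stdev = statistics.pstdev(training_counts) or 1.0
        self.threshold = threshold_sigmas

    def is_anomalous(self, sampled_count):
        return abs(sampled_count - self.mean) / self.stdev > self.threshold


def inspect(payload, interval_count, baseline):
    """Inline verdict: ('drop', reason) or ('forward', None)."""
    sig = match_signature(payload)
    if sig:
        return ("drop", f"signature:{sig}")
    if baseline.is_anomalous(interval_count):
        return ("drop", "anomaly:rate")
    return ("forward", None)


# Constructed training data: packets per interval during normal operation.
BASELINE = RateBaseline([100, 104, 98, 101, 97, 102, 99, 103])

if __name__ == "__main__":
    print(inspect(b"GET /index.html", 101, BASELINE))            # known-good traffic
    print(inspect(b"xx BAD-PATTERN-A xx", 101, BASELINE))        # single-packet signature hit
    print(inspect(b"never-seen-before payload", 950, BASELINE))  # no signature, rate anomaly
```

The third call shows the limitation noted above: a payload with no preconfigured signature passes the signature check and is only dropped because the sampled rate falls outside the baseline.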
