Assignment MKT-554 : IPS

IPS can stand for several things depending on the context, but one common interpretation is
"Intrusion Prevention System." An Intrusion Prevention System is a cybersecurity technology
designed to identify and prevent unauthorized or malicious activities from occurring within a
computer network or system. It's a critical component of network security, aiming to defend against
cyberattacks and protect sensitive information.

Here's a detailed breakdown of an Intrusion Prevention System (IPS):

1. Purpose:

An IPS functions as a real-time monitoring and prevention tool. It analyzes network traffic and
system behavior to detect and block any activities that could potentially compromise the security of
the network.

2. Detection Methods:

IPS employs various techniques to identify potential threats or intrusions. These methods include:

- Signature-based Detection: This involves comparing network traffic or system behavior to a

database of known attack patterns or signatures. If a match is found, the IPS takes action to block
the attack.

- Anomaly-based Detection: The IPS establishes a baseline of normal network behavior and
identifies deviations from this baseline. Unusual or unexpected activities are flagged as potential
threats.

- Heuristic Analysis: The system applies rules and algorithms to identify patterns that might indicate
an attack. This method is more flexible than signature-based detection but can also generate false
positives.

3. Prevention Mechanisms:

Once a potential threat is detected, the IPS takes proactive measures to prevent the attack from
succeeding. These actions can include:

- Dropping Packets: The IPS can discard malicious packets or connections to prevent the attack from
progressing further.

- Blocking IP Addresses: The system can block traffic from specific IP addresses associated with
malicious activity.

- Traffic Shaping: The IPS can manage network traffic to mitigate the impact of an attack and ensure
critical services remain operational.

- Resetting Connections: In some cases, the IPS can send reset signals to both ends of a connection
involved in suspicious activity.
4. Network Placement:

IPS can be deployed in different locations within a network:

- Network-based IPS (NIPS): Placed at key points in a network's infrastructure, such as at the
network perimeter or between network segments. NIPS monitors all traffic passing through these
points.

- Host-based IPS (HIPS): Installed on individual systems, such as servers or endpoints. HIPS
monitors the activities on the specific host and can respond to threats targeting that host.

5. Challenges and Considerations:

- False Positives: IPS systems need to be tuned carefully to avoid blocking legitimate traffic.

- Encrypted Traffic: As more internet traffic becomes encrypted, IPS may face challenges in
inspecting encrypted data.

- Performance Impact: Intensive IPS inspection can consume system resources, potentially affecting
network performance.

- Evasion Techniques: Skilled attackers might employ techniques to avoid detection by IPS.

Intrusion Prevention Systems play a crucial role in maintaining network security by actively
identifying and preventing potential threats. However, they are most effective when used in
conjunction with other cybersecurity measures, such as firewalls, antivirus software, and employee
training in security best practices.