RangerIDS - Intrusion Detection System (IDS)

Intrusion Prevention Systems (IPS)

Host IPS (HIPS)

Network IPS (NIPS)

Gigabit IDS

Which Technology is the Best

Problems with IDS

Detection Methods

Pattern Matching

Stateful Pattern Matching

Protocol Decode

Heuristic Analysis

Anomaly Analysis

Which Detection Method is Best

Monitor-Evaluate-Modify: The Security Cycle

Intrusion Prevention Systems (IPS)

Most IDS systems tend to be reactive rather than proactive – that is they often have to wait until something has actually happened before they can raise the alarm.

The Intrusion Prevention System (IPS), however, attempts to be proactive, and is designed to stop intrusions dead, blocking the offending traffic before it does any damage rather than simply raising an alert as, or after, the malicious payload has been delivered.

Of course, the downside with this approach is the potential for introducing a self-inflicted Denial of Service condition. The thorny issue of false positives is one that has plagued the IDS industry to date - sometimes it is very difficult to design an attack signature that will alert reliably on every variation of the exploit While ensuring that it will not be triggered accidentally by valid traffic. This is bad enough when you are just being pestered by false alarms at your IDS console, but when the IPS system cuts off a potential customer or your CEO from a vital computer system, the consequences can be far more serious.