An intrusion detection system (IDS) works on network sectors or on hosts and sits passively on the network. It is best used to detect intrusions or malicious attacks in network traffic and to alert the administrators who are monitoring the system, so that they can respond and take quick action against the threats. It is not a stand-alone device; rather, it is typically an addition and complement to an overall protection system that already has other protection devices installed, such as firewalls or bastion hosts. These protection technologies are able to work together to set up a strong security perimeter and protect the system.

2.1.7.5 Intrusion Prevention System
The intrusion prevention system (IPS) emerged in the 1990s, when it became possible to develop technology that could block attacks in real time. Some companies started to develop new technology that operates beyond detection. ISS RealSecure developed an IPS with a process termination feature that could kill or stop traffic that was considered unsafe. SNORT, an open source libpcap-based packet sniffer and logger developed by Marty Roesch, is one of the most famous intrusion prevention software applications in worldwide use, and it is also used in this thesis work.

An IPS is more advanced than an IDS and one step ahead of it. It has all the basic features of an IDS, and it also has the special ability to respond by stopping malicious attacks. It is installed inline and works actively. It is proactive, meaning that it will take action based on prescribed rules if it detects incoming threats that come through the IPS. It usually blocks the threats to prevent
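
The passive IDS and the inline IPS described above can be contrasted by running one rule set over the same traffic in both modes. This is an added sketch, not code from the thesis and not Snort's rule format: the `Packet` and `Rule` types, the rule, and the sample traffic are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Rule:  # hypothetical rule shape: destination port plus payload signature
    name: str
    dst_port: int
    pattern: bytes

    def matches(self, pkt: Packet) -> bool:
        return pkt.dst_port == self.dst_port and self.pattern in pkt.payload


def inspect(packets, rules, inline):
    """Evaluate rules over packets and return (delivered, alerts, dropped).

    inline=False models the passive IDS: a match only raises an alert,
    and the packet still reaches its destination.
    inline=True models the IPS: a match raises an alert and the packet
    is dropped before delivery.
    """
    delivered, alerts, dropped = [], [], []
    for pkt in packets:
        hit = next((r for r in rules if r.matches(pkt)), None)
        if hit is not None:
            alerts.append((hit.name, pkt.src))
            if inline:
                dropped.append(pkt)
                continue  # the inline sensor never forwards the packet
        delivered.append(pkt)
    return delivered, alerts, dropped


# Constructed rule and traffic (documentation address ranges).
RULES = [Rule("http-path-traversal", 80, b"../")]
TRAFFIC = [
    Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("192.0.2.11", 22, b"../ on another port, no rule applies"),
]

if __name__ == "__main__":
    for mode, inline in (("IDS (passive)", False), ("IPS (inline)", True)):
        delivered, alerts, dropped = inspect(TRAFFIC, RULES, inline)
        print(f"{mode}: delivered={len(delivered)} "
              f"alerts={alerts} dropped={len(dropped)}")
```

Both modes raise the same alert; only the inline mode keeps the matching packet from being delivered, which is why an IDS depends on an administrator responding to the alert.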