45
inspection since attackers can make the system of IPS disabled. Firewalling is an
advanced optional for IPS to integrate self-defense.
In
response
to
the
intrusions, IPS
is
able to
take
appropriate actions to
deal
with
the
suspected attack.
In
general,
there
are
three
types
of
responses
that
are
made:
automated response,
manual
response,
and
hybrid
response.
As
seen
on
its
name,
automated response
happens automatically after alleged
incident of
attacks are detected.
Quick
response
is
taken
so
that
attack
will
be
prevented and
system
damage
can
be
carefully
avoided, while system is
returning
to safe state. IPS
can carry out connection
dropping,
throttling,
shunning,
and
session
sniping.
First,
IPS
drops
the
connection by
initiating
a
firewall
to
close
connection traffic
on
particular
ports
that
are
used
by
attackers. Second,
IPS
does
the
throttling
technique by
adding
scanning
delay.
It
is
suitable against port scans.
Third, IPS
also does
shunning after
it
identifies attacker and
denies
its
activity. It
configures pre screening router or
firewall to shun
the connection.
And the
last type
is sniping
where IPS
terminates attacks all
the way
through
the
use
of
TCP
RESET
packet
to
end
connection and
avert
the
attack.
Otherwise,
IPS
can
use
manual responses that
rely
on the
ability of
the
users or administrators
in
analyzing and
responding
to
the
attack.
Good
teamwork
and
methodology
need
to
be
in
position.
Hybrid
responses
simply
mean
the
combination
between
the
technological
automated
response and intellectual manual response.
2.1.8.2 Architecture of IPS
Intrusion detection and
intrusion prevention systems,
at
a
minimum scale,
actually require only one
program or
device
installed on
the
network. However,
many
 |