Large corporations or organizations typically use multiple systems and components that perform a variety of sophisticated intrusion detection and intrusion prevention functions [1]. IPS architecture is a critical consideration in how each component of the IPS is appropriately deployed and coordinated so that the system meets its security needs effectively. Tiered architecture is the most common intrusion prevention architecture.

Single-tiered architecture, the most basic of architectures, is one in which components in an IDS or IPS collect and process data themselves, rather than passing the output they collect to another set of components [1]. Host-based IPS is an example of an IPS that works in a single-tiered manner: it analyzes the output from the system logs and processes it all by itself. It is simpler and lower in cost compared to other architectures, but on the other hand, it loses much of the effectiveness of its functionality.

Multi-tiered architecture involves multiple components that pass information to each other [1]. It is designed to combine the placement of sensors, agents, and managers. Sensors basically do the network traffic monitoring and perform data capture or collection. Agents receive information from the sensors; they monitor and examine intrusive activity and determine whether intrusions are about to take place or not. The analysis results from the agents are then passed to managers. Managers are responsible for making the decision on how to cope with intrusions. Taking action includes, but is not limited to, displaying intrusion alerts on a console or screen, storing event information in the database, informing the hosts, and automatically configuring firewalls or routers
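As an added example (not code from the original text or its cited source), the multi-tiered flow described above in Python: a sensor tier that only captures, an agent tier that decides whether an intrusion is under way, and a manager tier that chooses the response (console alert, event store, firewall rule). The sample records, addresses and the failed-login threshold are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample sensor output: one record per captured connection
# attempt, in the form a sensor tier might hand to an agent.
SENSOR_RECORDS = [
    {"src": "203.0.113.7", "dst_port": 22, "result": "fail"},
    {"src": "203.0.113.7", "dst_port": 22, "result": "fail"},
    {"src": "203.0.113.7", "dst_port": 22, "result": "fail"},
    {"src": "198.51.100.2", "dst_port": 443, "result": "ok"},
    {"src": "203.0.113.7", "dst_port": 22, "result": "fail"},
    {"src": "203.0.113.7", "dst_port": 22, "result": "fail"},
]


def sensor(records):
    """Sensor tier: capture only, no analysis; passes raw records on unchanged."""
    for rec in records:
        yield dict(rec)


def agent(events, threshold=5):
    """Agent tier: examines sensor output and decides whether an intrusion is
    taking place. Here the (hypothetical) rule is: `threshold` failed attempts
    from one source to one port is reported once as a brute-force verdict."""
    fails = defaultdict(int)
    for ev in events:
        if ev["result"] != "fail":
            continue
        key = (ev["src"], ev["dst_port"])
        fails[key] += 1
        if fails[key] == threshold:  # one verdict per offending (src, port) pair
            yield {"src": ev["src"], "port": ev["dst_port"],
                   "count": fails[key], "verdict": "brute-force"}


@dataclass
class Manager:
    """Manager tier: receives agent verdicts and carries out the response."""
    console: list = field(default_factory=list)        # alerts shown on screen
    event_db: list = field(default_factory=list)       # stored event information
    firewall_rules: list = field(default_factory=list) # rules pushed to a firewall

    def handle(self, verdict):
        self.console.append(f"ALERT {verdict['verdict']} from {verdict['src']} "
                            f"on port {verdict['port']}")
        self.event_db.append(verdict)
        self.firewall_rules.append(f"deny from {verdict['src']} to port {verdict['port']}")


def run_pipeline(records, threshold=5):
    """Wire the three tiers together: sensor -> agent -> manager."""
    mgr = Manager()
    for verdict in agent(sensor(records), threshold):
        mgr.handle(verdict)
    return mgr
```

Running `run_pipeline(SENSOR_RECORDS)` yields one alert, one stored event and one deny rule for 203.0.113.7 on port 22; raising the threshold to 6 produces none, since the sensor only captured five failures.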