Intrusion Prevention System (IPS)

What is IPS (Intrusion Prevention System)?

IPS, short for "Intrusion Prevention System," refers to hardware or software designed to detect signs of unauthorized access to an internal network and, upon identifying such intrusions, notify administrators while simultaneously blocking access or taking other preventive measures in real-time. IPS is an advanced version of IDS (Intrusion Detection System), which only monitors and detects intrusions.

IPS can be categorized into two types based on its implementation:

• Host-based IPS (HIPS): Installed as software on the protected computer, HIPS monitors OS logs, prevents tampering with access logs, and provides features such as automatically shutting down the computer when necessary.
• Network-based IPS (NIPS): Deployed as a dedicated appliance in the network segment where protected computers are connected, NIPS monitors network traffic to detect unauthorized activity and blocks access when needed. NIPS is generally more suitable for efficiently protecting an entire internal network.

However, with the growing use of web applications, there has been an increase in security threats that cannot be prevented by IDS or IPS alone. To address these advanced threats, deploying a Web Application Firewall (WAF) is an effective solution.