If you’re not an I.T. wiz, some of the descriptions of the router security features might seem more like a foreign language than anything aimed at helping you decipher which integrated services router is right for your company. We’re here to help you understand the security features of a router by breaking them down for you one at a time. Let’s talk about IPS.
First off, what is IPS?
IPS stands for ‘intrusion prevention system’ and is commonly used along with an IDS (intrusion detection system). While the IDS can detect an intrusion after-the-fact, the IPS is designed to prevent the intrusion from taking place at all. One without the other is not especially effective which is why vendors have recently begun to combine the two technologies into a single package. An IPS essentially has all the features of an IDS, but in addition, can deploy functions to actively block an attack on the enterprise.
How does an IPS stop malicious traffic? While an IDS simply ‘watches’ packets and sets off an alarm when it detects a ‘bad’ one, acting more as an observer than anything else, the IPS actually sits inline with a network’s traffic flow. When malicious traffic begins to come through, the IPS has the ability to either terminate the user session that’s bringing the attack in, or even shut down the entire network connection in an effort to protect it. An IPS can also block access to the attack site or malicious traffic from different levels including the attacker’s IP address, or by blocking access to the targeted service, host, or application.
There are other ways that an IPS can protect a network from a detected threat. For one, it can mitigate the packets and often delete an infected attachment, like in an email, before it is delivered to the end-user. It can also reconfigure the network’s other security controls, typically a router or a firewall, to block a threat. Ideally, an IPS should be installed at a network’s perimeter to block attacks like viruses and worms from ever entering the network at all.