Intrusion prevention

Intrusion prevention, at its most basic, requires some way of recognizing intrusions in real time, of being able to handle both known and unknown types of attacks, and then having a way of blocking the incursions. This can happen in two ways:

* Network-based intrusion prevention puts a device directly on the network in a critical data path that inspects all the traffic allowed through by the firewall, which is the first line of perimeter defense. Those prevention products use various methods to spot trouble, such as looking for the characteristic signatures of known viruses or comparing the current traffic to a baseline of normal traffic behavior. If the devices detect anomalies, they block the traffic from continuing onto the network.

* Host-based intrusion prevention places intelligent agents on each host computer or server to flag intrusions by comparing the behavior of systems against expected norms. If deviations occur, the systems then have some way of blocking the procedures that are causing the anomalous behavior without affecting the machine's normal operations.
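
The two network-based detection methods described above, shown as an added example that is not part of the original article: a toy inline inspector in Python that drops a packet on a signature match or when a source exceeds a learned traffic baseline. The signatures, addresses, baseline counts and three-sigma threshold are all constructed for illustration.

```python
import statistics
from dataclasses import dataclass

# Constructed byte patterns standing in for known-malware signatures.
SIGNATURES = {
    "EXAMPLE-SIG-1": b"\xde\xad\xbe\xefEVIL",
    "EXAMPLE-SIG-2": b"cmd=dropper_v1",
}

@dataclass
class Verdict:
    allow: bool
    reason: str

class InlineInspector:
    """Toy network IPS: signature match plus a per-source rate baseline."""

    def __init__(self, baseline_counts, sigmas=3.0):
        # baseline_counts: packets per interval from one source, recorded
        # during normal operation (assumed to be attack-free).
        mean = statistics.mean(baseline_counts)
        stdev = statistics.pstdev(baseline_counts) or 1.0
        self.limit = mean + sigmas * stdev
        self.seen = {}  # source address -> packets in the current interval

    def new_interval(self):
        self.seen.clear()

    def inspect(self, src, payload):
        # Known attacks: drop anything containing a listed signature.
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                return Verdict(False, f"signature:{name}")
        # Unknown attacks: drop traffic that departs from the baseline.
        self.seen[src] = self.seen.get(src, 0) + 1
        if self.seen[src] > self.limit:
            return Verdict(False, "anomaly:rate")
        return Verdict(True, "ok")

def demo():
    ips = InlineInspector(baseline_counts=[8, 10, 12, 9, 11])
    results = [ips.inspect("192.0.2.10", b"GET /index.html")]
    results.append(ips.inspect("192.0.2.10", b"POST /x cmd=dropper_v1"))
    # One source sends 15 clean packets in a single interval.
    results += [ips.inspect("192.0.2.77", b"ping") for _ in range(15)]
    return results

if __name__ == "__main__":
    for v in demo():
        print(v)
```

With this baseline the limit works out to about 14.2 packets per interval, so the fifteenth packet from one source is the first to be dropped as anomalous.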

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.
