Talk:Intrusion prevention system

This redirect does not require a rating on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing This redirect is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. This redirect is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Computing This redirect is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.

The contents of the Intrusion prevention system page were merged into Intrusion detection system on 2016-07-16 and it now redirects there. For the contribution history and old versions of the merged article please see its history.

Comment

Is it correct to add what test that can bee found? Both from vendor and from independent part as ISCA Labs ?

---

I don't think "Intrusion prevention systems were invented by One Secure which was latter acquired by NetScreen Technologies that was aquired by Juniper Networks in 2004" concerns IPS. This is more a company ad.

Indeed, IPS or inline IDS is attributed to Jed Haile who first developed inline IDS while working for the Department of Energy. Jed's work later became Hogwash (with help from Jason Larsen) followed by an independent release which became part of snort named snort-inline. Additionally, Vern Paxon implemented an inline IDS well before IPS was a glimmer in Nir Zuk's eyes.

Umm, what about Network ICE?

IPSs were simultaneously invented by a lot of people. The first instance of IPS I am familiar with is the BlackICE engine from NetworkICE. That was surely the first commercial IPS. NetworkICE had an in-line IPS on the market in 1999. Well ahead of OneSecure and the others.

I think its best to leave off who invented it. Let's assume a number of different groups were developing the technology simultaneously in the late 1990s.

Does IPS mean inline

Long before (Internet time long before) inline IPS like Hogwash, most IDS had the functionality of performing prevention. The most common technique was the RESET packet. An IDS that saw an attack would send a RESET packet to the systems involved, killing the connection. This did not allow for UDP or ICMP protection. Also, this technique was vulnerable to a race condition between the attack and the RESET packet. Another technique, implemented in Checkpoint's OPSEC for example, was to send a command to the firewall to block the offending condition (most likely source address, but could be a particular subnet or even port). This did address follow-on unspoofed UDP attacks. It also proved useful against scan and exploit oriented attacks like worms.

The inline IPS was just a step in integration between the firewall and the IDS. I would debate giving too much credit for a particular instance or product. To conclude, prevention occured at the host-based level in anti-virus products a decade before the network layer.

Propose move to Intrusion prevention system (no dash)

Latest comment: 10 years ago5 comments5 people in discussion

Any objections? --Romanski (talk) 13:53, 21 April 2008 (UTC)Reply

I second the move. The current article title is inconsistent with the rest of the article. Most people are going to search for Intrusion prevention system or IPS, not Intrusion-prevention system.--71.104.232.71 (talk) 16:06, 9 August 2009 (UTC)Reply

IMHO, the correct term is without the "-"; at least that's the way I've seen it in most sources (eg: NIST 800-series guide). Regards, DPdH (talk) 16:22, 2 September 2009 (UTC)Reply

It is totally incorrect to merge the Intrusion prevention system topic with the topic Intrusion detection system; you are confusing two sorts of things: one can be analysis, the other is a tool. I hope you check your country accountability regulation if you have other source for accounting spendings as this matters or refers to ISACA and COBITs analysis. Max LeBlan —Preceding undated comment added 10:08, 6 June 2013 (UTC)Reply

These are two separate things that are related. IDS only logs malicious activity while IPS attempts to prevent malicious activity. Regalrecaller (talk) 20:54, 9 April 2014 (UTC)Reply

HIPS and codecs...

Latest comment: 15 years ago1 comment1 person in discussion

Enabling HIPS with certain codecs on (Especially DVD Codecs) may cause the program that is playing the DVD to crash before the DVD even starts. Is this confirmed or waiting to be confirmed? Example: If you install Cole2k.net's advanced codec package and use Spyware Terminator's HIPS Protection, it will freeze Windows Media Center when using those codecs. 66.168.19.135 (talk) 05:07, 4 July 2008 (UTC)Reply

Comment, references and external links

Latest comment: 12 years ago1 comment1 person in discussion

The Ref 1 and 6 is the same, is it a known problem in Wiki? The external document (external link) "NIST SP 800-31, Intrusion Detection Systems" has been officially replaced by "NIST SP 800-83, Guide to Malware Incident Prevention and Handling" see the Section 1.2 page 1-1. Also have to be deleted here. — Preceding unsigned comment added by 194.39.218.10 (talk) 10:27, 9 November 2011 (UTC)Reply

Isn't this IDS behaviour?

Latest comment: 8 years ago2 comments2 people in discussion

Hi.

Don't really know if I should make a comment about this or not. Just reading through the detailed overview os an IPDS "More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address." Just noticed that in that quote it mentions that an IPS can take an action such as sending an alarm if malicous traffic is detected. If it simply let the traffic through doing nothing else but sending an alarm alerting some personal such as a network manager wouldn't that be kind of useless? By the time the network manager could do anything about it the damage could have already been done and the malicous packets could have got through. That sounds similar to IDS behaviour only logging events but letting the malicous traffic through. An IDS only makes logs of alerts but does nothing to stop them, it's like a guard dog with no teeth, it will bark but won't bite. — Preceding unsigned comment added by 86.27.52.108 (talk) 12:38, 29 May 2012 (UTC)Reply

I concur that sending an alarm is not a differentiator from IDS. — Preceding unsigned comment added by 15.203.233.81 (talk) 21:54, 20 July 2015 (UTC)Reply

Like....what?

Latest comment: 11 years ago1 comment1 person in discussion

Can someone give one or more examples/links in the article? There's not even 1 example of a IPS system.... is SNORT one? 128.193.8.44 (talk) 02:43, 1 January 2013 (UTC)Reply

Answer : Sourcefire , Preoventia GX - IBM , Tipping Point - HP , Mcafee IPS

For testing purposes

Currently, the CompTIA Network+ exam distinguishes between intrusion "prevention", and intrusion "detection" systems. I would suggest NOT merging these two things together, just to avoid confusion among students preparing to take this certification test. If the test is changed in the future, then I think that is when these two topics should be merged together.

IDS vs IPS

Latest comment: 10 years ago1 comment1 person in discussion

An IDS is a passive device or software that detects and reports intrusive behavior. An IPS is a active device or software that detects, reports and will block intrusive behavior by shuting down the conection.

CISCO defines it here^[1]

BMellon (talk) 21:38, 3 September 2013 (UTC)Reply

1. http://ciscoskills.net/2011/03/09/cisco-ids-vs-ips/