Cyber

luckyqloo

Response … …100 word count min.

An intrusion prevention system (IPS) is a tool that is used to sniff out malicious activity occurring over a network or system. Intrusion prevention systems can also be referred to as intrusion detection and prevention systems (IDPS) (Snyder, n.d.). Intrusion prevention systems function by finding malicious activity, recording and reporting information about the malicious activity, and trying to block or stop the activity from occurring.

Intrusion prevention systems are usually located behind a firewall to function as another filter for malicious activity. Since intrusion prevention systems are located in-line, they are capable of analyzing and taking automated actions on all network traffic flows. Those actions can include alerting administrators, dropping dangerous packets, halting traffic coming from the source address of malicious activity, and restarting connections.

It is important to note that an effective intrusion prevention system must be efficient to avoid hindering network performance (Snyder, n.d.). In addition, intrusion prevention systems must work quickly and accurately in order to catch malicious activity in real time and avoid false positives. One of the most common problems with an IPS is false positives and false negatives. A false positive occurs when the system blocks an activity on the network because it is out of the normal and so assumes it is malicious, causing denial of service to a valid user trying to do a valid procedure; a false negative occurs when the system allows a malicious activity to go by (Snyder, n.d.). That is why they are not 100% effective. Snort is a great tool; I have used it in previous classes to identify potential cybersecurity attacks, and there are many more tools available on the internet that have similar purposes, with some limitations.

Snyder, J. (n.d.). Do you need an IDS or IPS, or both? Retrieved from https://searchsecurity.techtarget.com/Do-you-need-an-IDS-or-IPS-or-both
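
The in-line behaviour and the two failure modes described above can be seen in a small model. This is an added example, not part of the original response and not Snort's rule engine. The signature list, the rate baseline, the addresses (documentation ranges) and the five flows are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Flow:
    src: str         # source address (constructed, documentation ranges)
    payload: bytes
    rate: int        # requests per minute observed from src
    malicious: bool  # ground truth, known only because the sample is constructed

SIGNATURES = [b"../../"]  # hypothetical signature list
RATE_LIMIT = 100          # hypothetical "normal" baseline for the anomaly rule

def inspect(flow, blocked):
    """Return the in-line action for one flow."""
    if flow.src in blocked:
        return "halt"            # source already flagged: stop its traffic
    if any(sig in flow.payload for sig in SIGNATURES):
        blocked.add(flow.src)    # halt further traffic from this source
        return "drop+block"
    if flow.rate > RATE_LIMIT:
        return "drop"            # out of the normal, so assumed malicious
    return "pass"

def run(flows):
    """Process flows in order; return (alerts, confusion counts, blocked set)."""
    blocked, alerts, score = set(), [], Counter()
    for f in flows:
        action = inspect(f, blocked)
        stopped = action != "pass"
        if stopped:
            alerts.append((f.src, action))  # record and report to administrators
        outcome = "true_" if stopped == f.malicious else "false_"
        score[outcome + ("positive" if stopped else "negative")] += 1
    return alerts, score, blocked

# Constructed sample traffic.
SAMPLE = [
    Flow("192.0.2.10", b"GET /index.html", 12, False),
    Flow("198.51.100.7", b"GET /../../etc/passwd", 3, True),
    Flow("198.51.100.7", b"GET /login", 4, True),          # same source, now halted
    Flow("192.0.2.44", b"POST /backup/upload", 450, False),  # valid bulk job
    Flow("203.0.113.9", b"GET /%2e%2e/%2e%2e/etc/passwd", 2, True),  # encoded form
]

if __name__ == "__main__":
    alerts, score, blocked = run(SAMPLE)
    print(alerts, dict(score), blocked)
```

The backup upload is the false positive (a valid user denied service by the anomaly rule) and the URL-encoded request is the false negative (it matches no signature and stays under the rate baseline).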