About IPS/IDS

Niyazi Şahin
3 min read · May 29, 2022


In this story, we will talk about IPS/IDS, the systems that warn about and prevent attacks.

Image taken from pngmart.com

First, we need to know what a cyber attack is.

A cyber attack is an attack that uses various methods to steal, change or destroy data on one or more computers or networks, or to reach other computers or networks through them.

  • Who is the attacker?

A person or group trying to gain unauthorized access.

  • So what are the various attack methods?

These methods can be Man-in-the-Middle, SQL injection, cryptojacking, malware, phishing or DoS/DDoS. Which variation is used depends on the target, the environment and many other parameters.

We will explain what these attack variations mean, and look at the details, in other articles.

  • Cyber Attack Prevention and Understanding

There are methods used to prevent and understand these attacks.

These can be firewalls, antivirus systems and IPS/IDS. We look at IPS/IDS in this article.

IDS (Intrusion Detection System)

→ An IDS is a system used to detect malicious activity in network traffic.

→ It is divided into two kinds, network-based and host-based: NIDS (Network Intrusion Detection Systems) and HIDS (Host Intrusion Detection Systems).

→ An IDS can then log what it detects.

→ It is often used by security analysts. It may be a software or hardware tool designed for them.

→ It is often placed behind the firewall. It works passively, listening to traffic.

  • How Does It Work?

Incoming traffic is copied to another port, which the IDS listens on. This is called port mirroring. The IDS sends an alert if the traffic is malicious.

An important point: an IDS does not affect the flow of traffic, because it works with a copy of the traffic.

  • How Does It Detect Malicious Traffic?

The answer to this question is signatures.

A signature is a set of rules for detecting known attacks on IPS and IDS systems. Signatures are created by turning the typical features of an attack into a rule set.

Inbound traffic is compared against the signatures in the IDS. If there is a match, the IDS sends an alert.

There are 4 different alert types:

1- True Positive

2- True Negative

3- False Positive

4- False Negative

Meaning:

False: not malicious traffic

True: malicious traffic

Positive: alert triggered

Negative: alert not triggered

IPS (Intrusion Prevention System)

An IPS is similar to an IDS.

  • Positively, an IPS has the ability to block malicious traffic.
  • Negatively, an IPS can affect traffic, because an IPS does not use port mirroring; it sits inline in the traffic path.

Therefore, an IPS must process traffic at a high rate. If it works at a low rate, traffic slows down.
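As an added example (not code from the original article), here is a tiny signature engine in Python that shows both points from the sections above: a signature is a rule set matched against inbound traffic, and the only difference between IDS and IPS handling of a match is whether it produces an alert on the mirrored copy or drops the packet inline. The signatures and sample payloads are constructed for illustration and are not real rule sets.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


# A hypothetical signature: the typical feature of a known attack, turned into a
# pattern that is compared against a packet payload (a simplified rule set).
@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: re.Pattern


SIGNATURES = [
    Signature(1001, "SQL injection tautology", re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.I)),
    Signature(1002, "Directory traversal", re.compile(r"\.\./\.\./")),
    Signature(1003, "Constructed malicious User-Agent", re.compile(r"User-Agent:\s*evilbot", re.I)),
]


def match_signatures(payload: str) -> list[Signature]:
    """Compare one payload against every signature, as a signature-based IDS does."""
    return [sig for sig in SIGNATURES if sig.pattern.search(payload)]


def process_packet(payload: str, mode: str) -> tuple[str, list[int]]:
    """Return (verdict, matched signature ids) for one packet.

    mode="ids": works on a mirrored copy, so the packet is always forwarded and
                a match only raises an alert (traffic flow is unaffected).
    mode="ips": sits inline, so a match drops the packet before it is forwarded.
    """
    hits = [sig.sid for sig in match_signatures(payload)]
    if not hits:
        return "forward", hits
    return ("alert", hits) if mode == "ids" else ("drop", hits)


# Constructed sample payloads, not captured traffic.
SAMPLE_TRAFFIC = [
    "GET /index.html HTTP/1.1\r\nHost: example.test\r\n",
    "GET /login?user=admin' OR '1'='1 HTTP/1.1\r\nHost: example.test\r\n",
    "GET /../../etc/passwd HTTP/1.1\r\nUser-Agent: evilbot\r\n",
]


def run(mode: str) -> list[tuple[str, list[int]]]:
    """Run every sample packet through the engine in the given mode."""
    return [process_packet(p, mode) for p in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode))
```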

IPS Types

  • NBA (Network Behavior Analysis Systems): performs behavioral analysis of the traffic on your network and monitors it for deviations.
  • HIPS (Host-Based Intrusion Prevention Systems): used to prevent attacks against the host it is installed on. It can also come as an additional module in some antivirus products.
  • NIPS (Network-Based Intrusion Prevention Systems): used to monitor and prevent threats on the network.
  • WIPS (Wireless Intrusion Prevention Systems): used to monitor and prevent threats on the wireless network. It is the specialized version of NIPS for wireless traffic.
