Intrusion prevention is a way of protecting your computer system from unwanted entry. Most computers have firewall programs installed to protect their systems from exploitation, but intrusion prevention is a system added for extra security. An intrusion prevention system provides added protection from either computer viruses or hackers trying to break into your network.
Intrusion prevention systems are much more secure than common firewall technology. Although considered to be an expansion of the original intrusion detection system, they are actually more a way of controlling who has access to a computer network. They not only control access, but also detect entry to the network, so the two systems are closely linked.
The intrusion prevention system controls access to a network based on the content of the application trying to make contact. Prior to this, firewall decisions were based on ports or IP addresses. A good intrusion prevention system not only detects intrusion, but also controls access to a network. This latter feature is the system's main improvement over detection-only firewalls.
There are different types of intrusion prevention available for added security. Network intrusion prevention systems are usually hardware devices situated in the network. Unlike host-based intrusion systems, which have to be installed on every computer in the network, the network system requires fewer devices to be installed.
The network intrusion prevention system can be content-based or rate-based. A content-based system inspects traffic and disallows any entry whose content is not known. The content may not be recognized by the prevention system, or it may have been previously recorded as a threat to the system.
Rate-based network intrusion prevention is based on the behavior of the traffic rather than its content. The rate-based system can identify threats that differ from the traffic the network usually receives. It learns the type and behavior of normal network traffic and sets parameters accordingly. Anything that falls outside of these parameters is denied access to the network.
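The two network-IPS approaches described in the preceding paragraphs can be illustrated side by side. The following Python example is added here and is not code from the original article or from any IPS product: a content-based rule that allows only recognized content and blocks both recorded threats and unknown content, and a rate-based rule that learns per-source connection rates from a window of normal traffic and flags sources that exceed the learned parameters. The log format, the content tags, the signature name `smb-exploit-sig-0001`, the IP addresses and the thresholds are all constructed for this example.

```python
"""Toy content-based and rate-based inspection, in the style of the two
network IPS approaches described above.  All data and thresholds here are
constructed for illustration, not taken from a real product or network."""
import statistics
from collections import Counter

# Constructed connection log, one event per line:
#   "epoch_second src_ip dst_port content_tag"
# content_tag stands in for whatever the inspection engine has extracted
# from the application payload (protocol, verb, file type, signature hit).
BASELINE_LOG = """\
1000 10.0.0.5 443 tls-client-hello
1000 10.0.0.5 443 tls-client-hello
1000 10.0.0.6 443 tls-client-hello
1001 10.0.0.7 80 http-get
1001 10.0.0.5 443 tls-client-hello
1002 10.0.0.6 80 http-get
1002 10.0.0.8 443 tls-client-hello
1003 10.0.0.7 443 tls-client-hello
1003 10.0.0.5 80 http-get
"""

# Constructed live traffic: one source opens five connections in one
# second, one host sends content the engine cannot classify, and one
# host sends content matching a recorded threat signature.
LIVE_LOG = """\
2000 10.0.0.5 443 tls-client-hello
2000 10.0.0.9 80 http-get
2000 10.0.0.9 80 http-get
2000 10.0.0.9 80 http-get
2000 10.0.0.9 80 http-get
2000 10.0.0.9 80 http-get
2001 10.0.0.6 443 tls-client-hello
2001 10.0.0.7 8080 unknown-binary
2001 10.0.0.8 445 smb-exploit-sig-0001
"""

KNOWN_GOOD = {"tls-client-hello", "http-get"}     # content the engine recognizes
KNOWN_BAD = {"smb-exploit-sig-0001"}               # constructed signature name


def parse(log):
    """Turn the log text into (timestamp, src_ip, dst_port, tag) tuples."""
    events = []
    for line in log.splitlines():
        ts, src, port, tag = line.split()
        events.append((int(ts), src, int(port), tag))
    return events


def content_decision(tag):
    """Content-based rule: allow only recognized content.  Content recorded
    as a threat and content not known to the engine are both blocked."""
    if tag in KNOWN_BAD:
        return "block: matches recorded threat"
    if tag not in KNOWN_GOOD:
        return "block: unrecognized content"
    return "allow"


def learn_baseline(events):
    """Rate-based learning: mean and population stdev of connections per
    source per second, measured over a window of normal traffic."""
    per_src_sec = Counter((ts, src) for ts, src, _, _ in events)
    rates = list(per_src_sec.values())
    return statistics.mean(rates), statistics.pstdev(rates)


def rate_decision(events, baseline, k=3.0):
    """Flag sources whose per-second connection count exceeds the learned
    parameters.  The floor of one extra connection above the mean keeps the
    threshold meaningful when baseline traffic was perfectly uniform
    (stdev == 0), which would otherwise flag any single deviation."""
    mean, stdev = baseline
    threshold = mean + max(k * stdev, 1.0)
    per_src_sec = Counter((ts, src) for ts, src, _, _ in events)
    flagged = {src for (_, src), n in per_src_sec.items() if n > threshold}
    return flagged, threshold


def inspect(baseline_log=BASELINE_LOG, live_log=LIVE_LOG):
    """Run both rules over the live log and summarize the results."""
    baseline = learn_baseline(parse(baseline_log))
    live = parse(live_log)
    content_blocks = sorted(
        {(src, tag, content_decision(tag)) for _, src, _, tag in live
         if content_decision(tag) != "allow"})
    rate_flagged, threshold = rate_decision(live, baseline)
    return {
        "baseline": baseline,
        "rate_threshold": threshold,
        "rate_flagged": rate_flagged,
        "content_blocks": content_blocks,
    }


if __name__ == "__main__":
    for key, value in inspect().items():
        print(f"{key}: {value}")
```

The content rule is a default-deny allow-list: the article's point that a content-based system blocks content it does not recognize, not just content it has seen before, is what distinguishes it from a plain signature match. The rate rule carries no knowledge of payloads at all; it only compares observed behavior against what the learning window established as normal, which is why it can catch a flood of otherwise legitimate-looking requests that the content rule passes.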
There are also host-based intrusion prevention systems. These are software-only applications that are very good at detecting unwanted entry after decryption has occurred. Over time, the host-based system builds up a monitoring profile of access to the computer's network. The main drawback of host-based prevention is that it must be installed on every computer in the network. It also cannot cope with larger rate-based attacks, as a single host lacks the capacity for detection and denial of entry at that volume.