In the previous installment of this article, I discussed the detection mechanisms used with a Network-based Intrusion Prevention System (NIPS). In this article, the focus will be on the particular threats that a NIPS deals with.
Contrary to antivirus software, which looks for known malicious files, the IPS will scan the network traffic in order to catch threats using known exploits and possible attacks. An IPS will not detect common files, but instead will use specific methods to keep malicious files off the network. By utilizing this type of approach, the IPS is able to protect the network against both known and unknown threats, before antivirus signatures can even be established for the possible attacks. If you want to have real-time protection for your network, the IPS is a necessity. It’s a surefire solution to provide as much security as possible, considering the number of threats that are occurring 24/7/365. In my network, I will gladly take prevention of the attack, instead of being notified of an attack occurring, any day of the week!
Listed below, you will see some of the common types of threats that an IPS will encounter:
- Worms and Trojan Horses
- DDoS Attack
- Back-Door Viruses (MyDoom, Doomjuice, Deadhat)
- Phishing (cross-site scripting)
- SSL Evasion
- Port Scanning
- Blended Attacks (multiple attacks at the same time to beat security)
- ARP Spoofing
- Buffer Overflow (overloading web servers causing a denial of service attack)
As the old saying goes…an ounce of prevention…is worth a pound of cure…