Network-based Intrusion Prevention System (NIPS)

Definition - What does Network-based Intrusion Prevention System (NIPS) mean?

A network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.

The NIPS monitors the network for malicious activity or suspicious traffic by analyzing the protocol activity. Once the NIPS is installed in a network, it is used to create physical security zones. This, in turn, makes the network intelligent, allowing it to quickly discern good traffic from bad traffic. In other words, the NIPS becomes like a prison for hostile traffic such as Trojans, worms, viruses, and polymorphic threats.

An intrusion prevention system (IPS) sits in-line on the network and monitors the traffic. When a suspicious event occurs, it takes action based on certain prescribed rules. An IPS is an active, real-time device, unlike an intrusion detection system, which is not in-line and is a passive device. IPSs are considered to be the evolution of the intrusion detection system.

Techopedia explains Network-based Intrusion Prevention System (NIPS)

    NIPSs are manufactured using high-speed application-specific integrated circuits (ASICs) and network processors. These are used for high-speed network traffic because they are designed to execute tens of thousands of instructions and comparisons in parallel, unlike a microprocessor, which executes one instruction at a time.

    The majority of NIPSs utilize one of the following three detection methods:
    • Signature-based detection: Signatures are predetermined, preconfigured attack patterns. This detection method monitors the network traffic and compares it with the preconfigured signatures to find a match. On successfully locating a match, the NIPS takes the next appropriate action. This type of detection fails to identify zero-day threats. However, it has proved to be very good against single-packet attacks.
    • Anomaly-based detection: This method of detection creates a baseline of average network conditions. Once a baseline has been created, the system intermittently samples network traffic on the basis of statistical analysis and compares the sample to the created baseline. If the activity is found to be outside the baseline parameters, the NIPS takes the necessary action.
    • Protocol state analysis detection: This type of detection method identifies deviations of protocol states by comparing observed events with predefined profiles.
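
The anomaly-based method described above, sketched as an added example that is not part of the original article: a baseline is built from normal traffic, and later samples are forwarded or blocked depending on how far they fall from it. The packets-per-second figures, the function names and the standard-deviation threshold are all assumptions chosen for illustration.

```python
import statistics

# Constructed sample data: packets per second seen on one link during
# normal operation, used to build the baseline.
BASELINE_PPS = [980, 1010, 1025, 990, 1005, 1000, 995, 1015, 1020, 960]

# Constructed samples taken later at intervals: (label, packets per second).
SAMPLES = [("t1", 1008), ("t2", 1040), ("t3", 4200), ("t4", 120)]


def build_baseline(observations):
    """Summarise normal conditions as (mean, sample standard deviation)."""
    if len(observations) < 2:
        raise ValueError("need at least two observations for a baseline")
    return statistics.mean(observations), statistics.stdev(observations)


def classify(value, baseline, threshold=3.0):
    """Return (verdict, z_score); verdict is 'forward' or 'block'.

    threshold is the number of standard deviations tolerated around the
    mean (an assumed tuning parameter, not a value from the article).
    """
    mean, stdev = baseline
    if stdev == 0:
        # Flat baseline: any deviation at all falls outside it.
        z = 0.0 if value == mean else float("inf")
    else:
        z = abs(value - mean) / stdev
    return ("block" if z > threshold else "forward"), z


def run(samples, observations, threshold=3.0):
    """Classify each intermittent sample against the baseline."""
    baseline = build_baseline(observations)
    return {label: classify(v, baseline, threshold)[0] for label, v in samples}


if __name__ == "__main__":
    # Both a surge (t3) and a collapse (t4) in traffic fall outside the baseline.
    for label, verdict in run(SAMPLES, BASELINE_PPS).items():
        print(label, verdict)
```

Tightening the threshold from 3.0 to 2.0 standard deviations also blocks the mildly elevated sample t2, which shows how the choice of baseline parameters trades missed anomalies against false positives.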