Network-based Intrusion Prevention System (NIPS)

Definition - What does Network-based Intrusion Prevention System (NIPS) mean?

A network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.

The NIPS monitors the network for malicious activity or suspicious traffic by analyzing protocol activity. Once the NIPS is installed in a network, it is used to create physical security zones. This, in turn, makes the network intelligent, allowing it to quickly discern good traffic from bad traffic. In other words, the NIPS becomes like a prison for hostile traffic such as Trojans, worms, viruses, and polymorphic threats.

An intrusion prevention system (IPS) sits in-line on the network and monitors the traffic. When a suspicious event occurs, it takes action based on certain prescribed rules. An IPS is an active, real-time device, unlike an intrusion detection system, which is not in-line and is a passive device. IPSs are considered to be the evolution of the intrusion detection system.

Techopedia explains Network-based Intrusion Prevention System (NIPS)

    NIPSs are manufactured using high-speed application-specific integrated circuits (ASICs) and network processors. These are used for high-speed network traffic because they are designed to execute tens of thousands of instructions and comparisons in parallel, unlike a microprocessor, which executes one instruction at a time.

    The majority of NIPSs utilize one of the following three detection methods:
    • Signature-based detection: Signatures are predetermined, preconfigured attack patterns. This detection method monitors the network traffic and compares it with the preconfigured signatures to find a match. On successfully locating a match, the NIPS takes the next appropriate action. This type of detection fails to identify zero-day threats. However, it has proved to be very good against single packet attacks.
    • Anomaly-based detection: This method of detection creates a baseline of average network conditions. Once a baseline has been created, the system intermittently samples network traffic on the basis of statistical analysis and compares the sample to the created baseline. If the activity is found to be outside the baseline parameters, the NIPS takes the necessary action.
    • Protocol state analysis detection: This type of detection method identifies deviations of protocol states by comparing observed events with predefined profiles.
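
The three detection methods above, sketched side by side as an added example (not Techopedia's or any vendor's code). The signature patterns and ids, the TCP profile, the sample rates and the three-standard-deviation threshold are all constructed assumptions, and a real NIPS typically relies on one method rather than combining them as `inspect` does here.

```python
import statistics

# Constructed signatures, TCP profile and threshold: assumptions for illustration.
SIGNATURES = {"sig-001": b"/etc/passwd", "sig-002": b"<script>"}
TCP_PROFILE = {  # (current state, observed event) -> next state
    ("CLOSED", "SYN"): "SYN_SENT",
    ("SYN_SENT", "SYN-ACK"): "SYN_RCVD",
    ("SYN_RCVD", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "DATA"): "ESTABLISHED",
    ("ESTABLISHED", "FIN"): "CLOSED",
}
NORMAL_PPS = [100, 110, 95, 105, 90, 100]  # constructed packets/sec samples

def signature_match(payload):
    """Signature-based: ids of preconfigured patterns found in the payload."""
    return [sid for sid, pattern in SIGNATURES.items() if pattern in payload]

def build_baseline(samples):
    """Anomaly-based: baseline is the mean and standard deviation of samples."""
    return statistics.mean(samples), statistics.stdev(samples)

def is_anomalous(rate, baseline, k=3.0):
    """True when a sampled rate lies more than k deviations from the baseline."""
    mean, std = baseline
    return abs(rate - mean) > k * std

def protocol_deviation(events):
    """Protocol state analysis: index of the first event the profile forbids."""
    state = "CLOSED"
    for i, event in enumerate(events):
        state = TCP_PROFILE.get((state, event))
        if state is None:
            return i
    return None

def inspect(flow, baseline):
    """In-line verdict: drop when any method fires, otherwise forward."""
    reasons = [f"signature:{sid}" for sid in signature_match(flow["payload"])]
    if is_anomalous(flow["pps"], baseline):
        reasons.append("anomaly:rate")
    if protocol_deviation(flow["events"]) is not None:
        reasons.append("protocol:state")
    return ("drop" if reasons else "forward"), reasons

if __name__ == "__main__":
    flow = {"payload": b"\x00\x01novel", "pps": 900, "events": ["SYN", "DATA"]}  # constructed
    print(inspect(flow, build_baseline(NORMAL_PPS)))
```

The constructed flow in the `__main__` block carries a payload that matches no signature, so only the rate baseline and the state profile flag it, which is the zero-day gap the signature bullet describes.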
