ABSTRACT

This chapter discusses the Intrusion Detection and Prevention Systems (IDPS) detection technologies, which are signature-based detection, anomaly-based detection, and stateful protocol analysis. It explains the IDPS components, which are sensors or agents, management server, database server, and console. The chapter describes the IDPS security capabilities against authorized activities and also discusses the types of IDPS technologies: network-based IDPS, wireless IDPS, network behavior analysis system, and host-based IDPS. It explores the advantages of integrating multiple IDPS technologies and of integrating different IDPS products. Some IDPSs can also use authenticator information to define acceptable activity differently for multiple classes of users or for specific users. Network-based IDPSs are placed at one or more strategic points within the network to monitor traffic to and from all devices on the network. Network-based IDPSs provide extensive and broad detection capabilities. A wireless IDPS monitors wireless network traffic and analyzes wireless networking protocols to identify malicious behavior.