Network Intrusion Prevention System
Learn how a Network Intrusion Prevention System monitors and blocks traffic in an organization.
Overview
A network intrusion prevention system (NIPS) is a device that monitors network traffic, much as a firewall inspects network packets. In most cases, the NIPS is installed at the perimeter to protect an organization’s internal network from internet-based attacks.
How it works
An intrusion detection system can be considered the next evolution of a firewall, as it:
- Uses more sophisticated methods of inspecting packets.
- Examines different layers of the network packets.
- Evaluates a collection of several packets to identify patterns or anomalous behavior.
Alert-only mode
It can be challenging to tune a NIPS properly so that it doesn’t alert (or even worse, block) based on false positives. The first phase of implementation should be to put the NIPS into alert-only mode so that it can be tuned to only generate meaningful alerts.
Block mode
The earlier version of a NIPS is a network intrusion detection system (NIDS), which only provides alerts and can’t block any network traffic. In most cases, a NIPS renders a NIDS obsolete because it can actually block malicious traffic.
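The following added example (not part of the original lesson) sketches the two phases in Python: a rule that evaluates several packets together is first run in alert-only mode, tuned against a false positive, and then switched to block mode. The rule, its threshold, the allowlist mechanism, and all addresses and packets are constructed assumptions for illustration, not the behavior of any particular NIPS product.

```python
from collections import defaultdict, deque

class PortSweepRule:
    """Fire when a source hits >= max_ports distinct ports within `window` seconds."""
    def __init__(self, max_ports, window=10.0, allowlist=()):
        self.max_ports, self.window = max_ports, window
        self.allowlist = set(allowlist)
        self.seen = defaultdict(deque)  # src -> deque of (ts, dport)

    def matches(self, ts, src, dport):
        if src in self.allowlist:
            return False
        q = self.seen[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:  # expire packets outside the window
            q.popleft()
        return len({p for _, p in q}) >= self.max_ports

def run(packets, mode, rule):
    """Return (alerted sources, dropped packet count) for mode 'alert' or 'block'."""
    alerted, blocked, dropped = set(), set(), 0
    for ts, src, dport in packets:
        if src in blocked:          # source already blocked: drop without re-evaluating
            dropped += 1
            continue
        if rule.matches(ts, src, dport):
            alerted.add(src)
            if mode == "block":     # alert-only mode records the alert but forwards
                blocked.add(src)
                dropped += 1
    return alerted, dropped

# Constructed sample traffic: (timestamp_seconds, source_ip, destination_port)
SCANNER = [(0.1 * i, "198.51.100.7", 20 + i) for i in range(10)]
MONITOR = [(1.0 * i, "10.0.0.5", p) for i, p in enumerate([22, 80, 443, 3306, 5432, 8080])]
CLIENT = [(0.5 * i, "203.0.113.9", 443) for i in range(10)]
PACKETS = sorted(SCANNER + MONITOR + CLIENT)

def demo():
    # Phase 1: alert-only with an untuned rule; nothing is dropped.
    untuned = run(PACKETS, "alert", PortSweepRule(max_ports=5))
    # Phase 2: after alert review, the internal monitor is allowlisted and blocking enabled.
    tuned = run(PACKETS, "block", PortSweepRule(max_ports=5, allowlist=["10.0.0.5"]))
    return untuned, tuned

if __name__ == "__main__":
    print(demo())
```

In alert-only mode the untuned rule flags both the scanning source and the internal monitoring host; had it been in block mode from the start, the monitor's legitimate traffic would have been dropped.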
Note: Because a NIPS is considered a step above a firewall, which is fundamental to a security program, it’s considered a level 2 security objective.