what is ips ? briefly explain
Answers
Answer:
The Indian Police Service is a civil service under the All India Services. It replaced the Indian Imperial Police in 1948, a year after India became independent from the British Raj. Wikipedia
Cadre Controlling Authority: Ministry of Home Affairs, Government of India
Cadre Strength: 3,894 members (2016)
Minister Responsible: Amit Shah, Union Cabinet Minister for Home Affairs
Selection: Civil Services Examination
Association: IPS (Central) Association
Staff College: Sardar Vallabhbhai Patel National Police Academy, Hyderabad
Answer:
An intrusion prevention system (IPS) is a network security and threat prevention tool. The idea behind intrusion prevention is to create a preemptive approach to network security so potential threats can be identified and responded to swiftly. Intrusion prevention systems are thereby used to examine network traffic flows in order to find malicious software and to prevent vulnerability exploits.
An IPS is used to identify malicious activity, record detected threats, report detected threats and take preventative action to stop a threat from doing damage. An IPS tool can be used to continually monitor a network in real time.
Intrusion prevention is a threat detection method that can be utilized in a security environment by system and security administrators. These tools are useful for systems as a prevention action for observed events. In addition, with many potential ways that suspicious activity can occur, it is important to have a plan in place for detecting potential attacks.
An intrusion prevention system is made to expand on the base capabilities found in intrusion detection systems (IDSes).
How do intrusion prevention systems work?
An intrusion prevention system will work by scanning through all network traffic. To do this, an IPS tool will typically sit right behind a firewall, acting as an additional layer that will observe events for malicious content. In this way, IPS tools are placed in direct communication paths between a system and network, enabling the tool to analyze network traffic.
The following are three common approaches for an IPS tool to protect networks:
signature-based detection in which the IPS tool uses previously defined attack signatures of known network threats to detect threats and take action;
anomaly-based detection in which the IPS searches for unexpected network behavior and blocks access to the host if an anomaly is detected; and
policy-based detection in which the IPS first requires administrators to make security policies -- when an event occurs that breaks a defined security policy, an alert is sent to system administrators.
If any threats are detected, an IPS tool is typically capable of sending alerts to the administrator, dropping any malicious network packets, and resetting connections by reconfiguring firewalls, repackaging payloads and removing infected attachments from servers.
IPS tools can help fend off denial-of-service (DoS) attacks, distributed denial-of-service (DDoS) attacks, worms, viruses or exploits, such as a zero-day exploit. According to Michael Reed, formerly of Top Layer Networks (acquired by Corero), an effective intrusion prevention system should perform more complex monitoring and analysis, such as watching and responding to traffic patterns, as well as individual packets. "Detection mechanisms can include address matching, HTTP [Hypertext Transfer Protocol] string and substring matching, generic pattern matching, TCP [Transmission Control Protocol] connection analysis, packet anomaly detection, traffic anomaly detection and TCP/UDP [User Datagram Protocol] port matching."
Explanation: