IPS Stands for Intrusion Prevention System. It means When any Malicious Activity happens in the Network. IDS will Detect the activity, which is used to identify potential threats and respond to them swiftly.

The IPS often sits directly behind the firewall and it provides a complementary layer of analysis that negatively selects for dangerous content. Unlike its predecessor the Intrusion Detection System (IDS)—which is a passive system that scans traffic and reports back on threats—the IPS is placed inline (in the direct communication path between source and destination), actively analyzing and taking automated actions on all traffic flows that enter the network. Specifically, these actions include:

  • Sending an alarm to the administrator (as would be seen in an IDS)
  • Dropping the malicious packets
  • Blocking traffic from the source address

Resetting the connection