To the general public, an article called "NIPS and HIPS" might sound like a discussion about intrusive plastic surgery. For security administrators, though, "NIPS and HIPS" should sound like a dream come true: preventive remedies for fending off a long laundry list of network attacks.
NIPS and HIPS are two types of Intrusion Prevention Systems (IPSs). Some security administrators believe IPS is just a marketing term that lets vendors promote Intrusion Detection Systems (IDSs) in a new way. Other people are less skeptical and see IPS as the next evolutionary step in network protection devices. These opinions are commonly based on the various definitions of IPS. Even the IPS vendors can't agree on a standardized definition or technology model. However, this technology is new. Only time will tell if the market will embrace it.
The most commonly agreed-on definition is that an IPS is an inline device that combines an IDS and an application-layer firewall. Most organizations don't use firewalls that work at the application layer of the network stack because of the performance hit: it takes a great deal of processing power to dig through every component of every packet looking for something malicious. Today's firewalls mainly make their access decisions based on the network and transport layers of a packet, so they never examine many of the crucial portions that can carry malicious payloads. . . .
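The contrast described above, as an added example that is not from the original article: a header-only decision next to an inline application-layer decision on the same traffic. The packets, the `ALLOW` policy and the function names are constructed for illustration, and the sketch assumes one complete HTTP request per packet.

```python
from urllib.parse import unquote

# Constructed sample packets (not captured traffic); documentation address ranges.
PACKETS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 80,
     "payload": b"GET /scripts/..%2f..%2fetc/passwd HTTP/1.1\r\n"
                b"Host: www.example.com\r\n\r\n"},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 23,
     "payload": b""},
]

ALLOW = {("tcp", 80)}  # hypothetical policy: only web traffic reaches the server


def header_filter(pkt):
    """Network/transport-layer decision: protocol and destination port only."""
    return "allow" if (pkt["proto"], pkt["dport"]) in ALLOW else "drop"


def inline_inspect(pkt):
    """Header check, then an application-layer check of the HTTP request line.

    Returns (verdict, payload_bytes_parsed); the second value shows the extra
    work the device takes on compared with the header-only filter.
    """
    if header_filter(pkt) == "drop":
        return "drop", 0  # rejected on headers alone, payload never read
    payload = pkt["payload"]
    request_line = payload.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "drop", len(payload)  # malformed request: fail closed
    path = unquote(parts[1])  # decode %2f etc. before matching
    if ".." in path.split("/"):  # path climbs out of the web root
        return "drop", len(payload)
    return "allow", len(payload)


def compare(packets):
    """One row per packet: (dport, header verdict, inline verdict, bytes parsed)."""
    return [(p["dport"], header_filter(p), *inline_inspect(p)) for p in packets]


if __name__ == "__main__":
    for row in compare(PACKETS):
        print(row)
```

The second packet passes the header-only filter because its protocol and port are allowed; only the payload check rejects it, at the cost of parsing every allowed packet's contents.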