Stands for "Intrusion Prevention System." An IPS is a network security system designed to prevent malicious activity within a network. It is often used in combination with a network detection system (IDS) and may also be called an intrusion detection and prevention system (IDPS).
Like an IDS, an IPS may include hardware, software, or both. It may also be configured for a network or a single system. However, unlike IDSes, intrusion prevention systems are designed to prevent malicious activity, rather than simply detecting it.
When an IDS detects suspicious activity, such as numerous failed login attempts, it may log the IP address. If it detects a suspicious data transfer, it may check the packets against a database of known viruses to see if any any malicious code is being transferred. When an intrusion detected, an IDS compares the activity to a set of rules designed to prevent malicious activities from taking place. For example, when an IDS detects numerous failed logins, it may block the IP address from accessing any network devices. If it detects a virus, the data may be quarantined or deleted before it reaches its destination.
Examples of hardware-based IPSes include Cisco's IPS 4500 Series, IBM's Security Network "GX" systems, and HP's TippingPoint "NX" devices. Software IPS solutions include Check Point's IPS Software Blade and McAfee's Host Intrusion for Desktop.
Updated: May 10, 2014