Question

Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.

Answer 1

So Lets see what is an intrusion detection and prevention system, (IDPS), It is is an extension of Intrusion detection system (IDS) technology, which can find and also helps to prevent the intrusion from safely securing attacks the network.

Classification of Intrusion detection system type-1:

• Host Based IDS

• Network Based IDS (NIDS)

• Hybrid Based IDS(HIDS)

Step 2

Classification of Intrusion detection system type-2:

Classification is done on the basis of analysis pattern of the intrusion detection system. This scheme pattern can be broadly divided into two groups:

• Knowledge based Intrusion Detection System

o Expert systems

o Signature analysis

o State transition

o Petri Nets

• Anomaly Based Intrusion Detection System.

o Statistical based IDS

o Neural networks IDS

o Expert system IDS

o Data mining

o Computer immunology IDS

Step 3

Intrusion prevention systems are ofyen classified into four different types:

• Network-based intrusion prevention system (NIPS):

o Checks the entire network for suspicious traffic by examining the network traffic using analyzing protocol and take the appropriate action.

• Wireless intrusion prevention systems (WIPS):

o Monitor a wireless network for suspicious traffic by analyzing wireless networking protocols.

• Network behavior analysis (NBA):

o Examines network traffic to identify threats such as distributed denial of service (DDoS) attacks and policy violations.

• Host-based intrusion prevention system (HIPS):

o A software agent installed in the single host, monitors suspicious activity by analyzing events occurring within that host.

Step 4

Parameters used for comparative analysis is given below:

Type	Category in which this tool belongs.
Operating System	The operating system(s) on which the tool runs. If the operating system is embedded in the tool then a “not applicable” symbol (N/A) is placed in the column.
License	The type of license under which the tool is distributed, e.g., Commercial, Freeware, GNU Public License
Based on	Technique being used to find detection

Comparative analysis of IDPS system based on the parameters in the above table is shown below:

Name	Type	OS	License	Based on
CSP alert plus	HIDS	Windows	Commercial	Rule based
eEye®Retina	HIDS	Windows	Commercial	Rule based
eEye Secure II web server protection	HIDS	Windows	Commercial	Rule based
GFI events manager	HIDS	Windows	Commercial	Rule based
IBM® real secure®server sensor	HIDS	Windows	Commercial	Rule based
McAfee® Host intrusion prevention	HIDS	Linux, Windows	Commercial	Rule based
Tripwire® enterprise	HIDS	Linux, Windows ,and unix	Commercial	Audit assessment
Arbor networks peak flow® X	NIDS	N/A	Commercial	Behavior based
Arc Sight®	NIDS	N/A	Commercial	Anomaly based