침입 방지 시스템 (IPS)

보안

정의

악의적인 활동에 대한 트래픽을 모니터링하고 실시간으로 탐지된 위협을 능동적으로 차단하거나 드롭하는 네트워크 보안 시스템입니다. IPS는 인라인 방지 기능으로 IDS의 수동적 탐지 기능을 확장합니다.

How an IPS Differs from an IDS

An Intrusion Prevention System goes one step beyond detection — it sits inline on the network path and can drop, reset, or quarantine malicious traffic in real time. Intrusion Detection System (IDS)A security system that monitors network traffic or system activity for suspicious patterns and known attack signatures. Unlike a firewall, an IDS detects and alerts on threats but does not actively block them. systems only alert; an IPS acts. This inline position gives it authority to block DDoSDistributed Denial of Service. An attack that overwhelms a target server or network with massive traffic from many compromised sources (a botnet), rendering the service unavailable to legitimate users. floods, exploit payloads, and port-scan reconnaissance before packets reach their target.

Detection Techniques

Modern IPS engines combine three complementary methods:

  • Signature-based — matches known attack patterns (CVE exploits, malware shellcode)
  • Anomaly-based — flags statistical deviations from a learned baseline (sudden spike in ICMP traffic)
  • Policy-based — enforces explicit rules regardless of content (block all outbound FTP)

Next-generation IPS (NGIPS) layers SSL/TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3. inspection to catch threats hidden inside encrypted streams, integrating with FirewallA network security device or software that monitors and filters incoming and outgoing traffic based on predefined rules. Firewalls can block traffic by IP address, port number, protocol, or application-layer content. platforms for coordinated policy enforcement.

Placement and Tuning

An IPS is typically deployed just behind the perimeter firewall or at internal segment boundaries. False positives are the main operational challenge — an aggressive rule set can block legitimate traffic. Tuning involves setting thresholds, whitelisting known-good sources, and regularly updating signature feeds. Open Port Checker can help verify that legitimate services remain reachable after policy changes.

관련 용어

보안에서 더 보기