Sistema de Prevenção de Intrusões (IPS)
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://ipfyi.com/iframe/glossary/ips/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>
Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://ipfyi.com/glossary/ips/
Add a dynamic SVG badge to your README or docs.
[](https://ipfyi.com/glossary/ips/)
Use the native HTML custom element.
Definição
Um sistema de segurança de rede que monitora o tráfego em busca de atividades maliciosas e bloqueia ou descarta ativamente as ameaças detectadas em tempo real. Um IPS estende as capacidades de detecção passiva de um IDS com prevenção inline.
How an IPS Differs from an IDS
An Intrusion Prevention System goes one step beyond detection — it sits inline on the network path and can drop, reset, or quarantine malicious traffic in real time. Intrusion Detection System (IDS)A security system that monitors network traffic or system activity for suspicious patterns and known attack signatures. Unlike a firewall, an IDS detects and alerts on threats but does not actively block them. systems only alert; an IPS acts. This inline position gives it authority to block DDoSDistributed Denial of Service. An attack that overwhelms a target server or network with massive traffic from many compromised sources (a botnet), rendering the service unavailable to legitimate users. floods, exploit payloads, and port-scan reconnaissance before packets reach their target.
Detection Techniques
Modern IPS engines combine three complementary methods:
- Signature-based — matches known attack patterns (CVE exploits, malware shellcode)
- Anomaly-based — flags statistical deviations from a learned baseline (sudden spike in ICMP traffic)
- Policy-based — enforces explicit rules regardless of content (block all outbound FTP)
Next-generation IPS (NGIPS) layers SSL/TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3. inspection to catch threats hidden inside encrypted streams, integrating with FirewallA network security device or software that monitors and filters incoming and outgoing traffic based on predefined rules. Firewalls can block traffic by IP address, port number, protocol, or application-layer content. platforms for coordinated policy enforcement.
Placement and Tuning
An IPS is typically deployed just behind the perimeter firewall or at internal segment boundaries. False positives are the main operational challenge — an aggressive rule set can block legitimate traffic. Tuning involves setting thresholds, whitelisting known-good sources, and regularly updating signature feeds. Open Port Checker can help verify that legitimate services remain reachable after policy changes.