
Mac® Security Bible by Joe Kissell


22.3. Network Intrusion Prevention Systems

Finding possible intrusions is helpful to a system administrator who wants to learn what the bad guys are up to and take action, manually, to improve the network's defenses. However, even the best administrator can't react instantly or be available to respond to new threats 24 hours a day. Moreover, by the time a NIDS has noticed a problem, some damage may already be done. As a result, there's an even more powerful tool, a network intrusion prevention system, or NIPS. A NIPS relies on the same infrastructure as a NIDS but adds a component: a hook that ties into a system that can cut off an attacker's access, such as a firewall or router. An administrator can typically configure a NIPS such that whenever malicious traffic matching a certain description or level of severity appears, a new firewall rule is added or other appropriate action is taken to protect the network automatically.
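As an added illustration (not code from the book), the sketch below shows the kind of hook described above: it reads detection alerts, applies a severity threshold, and plans firewall rules for the offending sources. The alert line format, the table name `nips_block`, the never-block range, and the choice of pf's `pfctl` as the firewall are all assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample alerts in a hypothetical "sev/src/dst/msg" format.
SAMPLE_ALERTS = """\
sev=1 src=203.0.113.45 dst=192.168.1.10 msg="SSH brute force"
sev=3 src=198.51.100.7 dst=192.168.1.10 msg="ICMP ping sweep"
sev=1 src=192.168.1.23 dst=192.168.1.10 msg="SMB exploit attempt"
sev=2 src=203.0.113.45 dst=192.168.1.11 msg="Port scan"
sev=1 src=not-an-ip dst=192.168.1.10 msg="malformed record"
"""

ALERT_RE = re.compile(r'sev=(\d+) src=(\S+) dst=(\S+) msg="([^"]*)"')

# Never auto-block these (assumed local range). A false positive or a spoofed
# source naming a local host would otherwise make the NIPS cut off its own LAN.
NEVER_BLOCK = [ipaddress.ip_network("192.168.1.0/24")]


def plan_blocks(alert_text, max_severity=2, table="nips_block"):
    """Return pfctl argument lists for sources whose alerts meet the threshold.

    Severity 1 is the most serious; alerts with sev <= max_severity are blocked.
    """
    commands, seen = [], set()
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        sev, src = int(m.group(1)), m.group(2)
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # never pass unvalidated text into a firewall command
        if sev > max_severity or addr in seen:
            continue  # below the threshold, or already planned
        if any(addr in net for net in NEVER_BLOCK):
            continue  # protected address: leave for manual review
        seen.add(addr)
        commands.append(["pfctl", "-t", table, "-T", "add", str(addr)])
    return commands


if __name__ == "__main__":
    for cmd in plan_blocks(SAMPLE_ALERTS):
        print(" ".join(cmd))  # a real hook would execute this with root rights
```

The planned commands only take effect if the pf ruleset already contains a rule that blocks traffic from the `nips_block` table, which is also an assumption of this example.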

Unlike a NIDS, which can sniff network traffic from anywhere on the network, a NIPS — or at least the component that does the blocking of network traffic — must reside in a device that's logically between the outside world and the local network. So, for example, a Mac that uses software to act as a NIPS could be connected between the gateway or firewall and a router that mediates Internet access for the rest of the network, or it can be the same Mac that functions as a network firewall; but one way or another, the NIPS can't block network traffic unless the ...
