Intrusion-prevention system
An intrusion-prevention system (a computer security term) is used to actively drop packets of data or disconnect connections that contain unauthorised data. Intrusion-prevention technology is also commonly an extension of intrusion detection technology (IDS).
As of the time of this writing (2003) there is no clear definition of what an intrusion-prevention system encompasses, but in practice it can contain the following functionality:
- To identify unauthorised traffic based on signature matches
- To identify unauthorised traffic based on protocol anomaly detection
- To terminate or degrade the quality of service based on bad matches
- To log matched traffic and/or alert administrators about it, in real time or historically
- To provide forensic data on its detection of anomalous packets.
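
The five functions listed above can be seen working together in the following sketch, which is an added example and not code from any IPS product. The signature set, the HTTP request-line model used for the anomaly check, the `throttle` verdict standing in for degraded quality of service, and the sample packets are all constructed assumptions.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed signature set (assumption): name -> byte pattern in the payload.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "script-tag": re.compile(rb"<script", re.I),
}
# Protocol model for the anomaly check: a well-formed HTTP/1.x request line.
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S{1,2048} HTTP/1\.[01]\r\n")

@dataclass
class Alert:
    src: str
    reason: str
    action: str
    payload_sha256: str  # forensic data: identifies the stored packet
    excerpt: bytes       # forensic data: first bytes of the payload

@dataclass
class InlineIPS:
    alerts: list = field(default_factory=list)

    def inspect(self, src: str, dst_port: int, payload: bytes) -> str:
        """Return 'pass', 'drop' or 'throttle' for one packet; log any match."""
        reason, action = None, "pass"
        for name, pattern in SIGNATURES.items():      # signature matching
            if pattern.search(payload):
                reason, action = f"signature:{name}", "drop"
                break
        # Protocol anomaly: traffic on the web port that is not an HTTP request.
        if reason is None and dst_port == 80 and not HTTP_REQUEST_LINE.match(payload):
            reason, action = "anomaly:malformed-http-request", "throttle"
        if reason:                                    # logging and forensics
            digest = hashlib.sha256(payload).hexdigest()
            self.alerts.append(Alert(src, reason, action, digest, payload[:32]))
        return action

# Constructed sample traffic (not captured from any real network).
SAMPLE = [
    ("192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    ("192.0.2.66", 80, b"GET /files/../../etc/passwd HTTP/1.0\r\n\r\n"),
    ("192.0.2.77", 80, b"\x00\x01binary junk on the web port"),
]

def run_sample():
    ips = InlineIPS()
    return [ips.inspect(*pkt) for pkt in SAMPLE], ips.alerts
```

A signature match is treated as high confidence and dropped, while an anomaly only degrades service, since a protocol model produces more false positives than a specific pattern.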