Enterprise Cloud Security and Governance

Intrusion Prevention Systems

To understand IPS, consider a real-world case. On or around June 30, 2011, an exploit in vsftpd was introduced. Any system running the vulnerable version of vsftpd could easily be exploited to gain a shell and run arbitrary commands.

Since the exploit has a particular signature, the IPS can block the exploit from reaching the server even if the server is running a vulnerable version of the vsftpd application.

Zero-day exploits are released often, and releasing a security patch takes time, maybe a day. In this case, if the signature of the exploit is added to the IPS, the production systems can be protected until the patches are released.
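
The signature-blocking idea above as an added example (not from the book): an inline filter that reassembles the FTP control channel into lines, so a pattern split across TCP segments is still caught, and drops the connection on a match. The class name, rule id and `EXPLOIT-MARKER` pattern are constructed placeholders, not the real vsftpd exploit signature.

```python
import re

class InlineFtpIps:
    """Minimal inline filter for the FTP control channel (client -> server)."""
    MAX_LINE = 4096  # refuse unbounded buffering of an unterminated line

    def __init__(self):
        self.signatures = {}  # rule id -> compiled byte pattern
        self.buffer = b""
        self.blocked = False
        self.alerts = []

    def add_signature(self, rule_id, pattern):
        self.signatures[rule_id] = re.compile(pattern, re.IGNORECASE)

    def feed(self, segment):
        """Take one TCP segment; return the complete lines safe to forward."""
        if self.blocked:
            return []  # connection already dropped
        self.buffer += segment
        forwarded = []
        while b"\r\n" in self.buffer:
            line, self.buffer = self.buffer.split(b"\r\n", 1)
            hit = next((rid for rid, p in self.signatures.items()
                        if p.search(line)), None)
            if hit:
                self.blocked, self.buffer = True, b""
                self.alerts.append(hit)
                return forwarded
            forwarded.append(line + b"\r\n")
        if len(self.buffer) > self.MAX_LINE:
            self.blocked = True
            self.alerts.append("oversized-line")
        return forwarded

# Constructed traffic: the marker stands in for the exploit bytes and is
# deliberately split across two segments.
MARKER = b"EXPLOIT-MARKER"
SEGMENTS = [b"USER ali", b"ce\r\nPASS x\r\n",
            b"USER bob-EXPLOIT", b"-MARKER\r\nPASS y\r\n"]

def run(with_signature):
    ips = InlineFtpIps()
    if with_signature:  # the "virtual patch": rule added before the fix ships
        ips.add_signature("LOCAL-0001", rb"^USER\s.*" + re.escape(MARKER))
    out = [line for seg in SEGMENTS for line in ips.feed(seg)]
    return out, ips.alerts

if __name__ == "__main__":
    for flag in (False, True):
        print("signature loaded:", flag, "->", run(flag))
```

Matching each segment on its own would miss the marker here, because neither half of it contains the full pattern.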