How intrusion prevention works

Article:HOWTO54837  |  Created: 2011-06-29  |  Updated: 2011-12-20  |  Article URL http://www.symantec.com/docs/HOWTO54837
Article Type
How To


Subject


How intrusion prevention works

Intrusion prevention is part of Network Threat Protection.

Intrusion prevention automatically detects and blocks network attacks and attacks on browsers. Intrusion prevention is the second layer of defense after the firewall to protect client computers. Intrusion prevention is sometimes called the intrusion prevention system (IPS).

See Managing intrusion prevention on your client computers

Intrusion prevention intercepts data at the network layer. It uses signatures to scan packets or streams of packets. It scans each packet individually by looking for the patterns that correspond to network or browser attacks. Intrusion prevention uses signatures to detect attacks on operating system components and the application layer.

Intrusion prevention provides two types of protection.

Network intrusion prevention

Network intrusion prevention uses signatures to identify attacks on client computers. For known attacks, intrusion prevention automatically discards the packets that match the signatures.

Browser intrusion prevention

Browser intrusion prevention monitors attacks on Internet Explorer and Firefox. Browser intrusion prevention is not supported on any other browsers.

This type of intrusion prevention uses attack signatures as well as heuristics to identify attacks on browsers.

For some browser attacks, intrusion prevention requires that the client terminate the browser. A notification appears on the client computer.


Legacy ID



v36814179_v59371755


Article URL http://www.symantec.com/docs/HOWTO54837


Terms of use for this information are found in Legal Notices