Intrusion Prevention Systems

An intrusion prevention system is any device which exercises access control to protect computers from exploitation. "Intrusion prevention" technology is considered by some to be an extension of intrusion detection (IDS) technology, but it is actually another form of access control, like an application layer firewall. The latest Next Generation Firewalls leverage their existing deep packet inspection engine by sharing this functionality with an intrusion prevention system.

Intrusion prevention systems (IPS) were created to resolve ambiguities in passive network monitoring by placing detection systems in-line. A considerable improvement upon firewall technologies, IPS make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done. As IPS systems were originally a literal extension of intrusion detection systems, they continue to be related.

Intrusion prevention systems may also serve secondarily at the host level to deny potentially malicious activity. There are advantages and disadvantages to host-based IPS compared with network-based IPS. In many cases, the technologies are thought to be complementary.

An intrusion prevention system must also be a very good intrusion detection system to keep the rate of false positives low. Some IPS can also prevent yet-to-be-discovered attacks, such as those caused by a buffer overflow.

Intrusion detection systems (IDS)
IPS have many advantages over their legacy counterparts, intrusion detection systems (IDS). One advantage is that they are designed to sit inline with traffic flows and prevent attacks in real time. In addition, most IPS solutions can decode layer 7 protocols such as HTTP, FTP, and SMTP, which provides greater awareness. When deploying NIPS, however, consideration should be given to whether the network segment is encrypted, as many products are unable to inspect such traffic.

Intrusion detection system types:

Host based
Unlike network intrusion prevention systems (NIPS), which protect corporate servers, databases, applications, etc. at the perimeter of the corporate network, host-based intrusion prevention systems (HIPS) use small pieces of software (agents) that reside on each individual server, database, workstation, etc. (i.e. on the "host" itself). Where NIPS is a broader, more general network safeguard, HIPS has the security advantage of providing much more specific and granular protection to each host against advanced malicious code attacks.

Network
Network intrusion prevention systems (NIPS) are purpose-built hardware/software platforms that are designed to analyze, detect and report on security-related events. NIPS are designed to inspect traffic and, based on their configuration or security policy, they can drop malicious traffic.

Content based
Content based IPS (CBIPS) inspect the content of network packets for unique sequences, called signatures, to detect and hopefully prevent known types of attack such as worm infections and hacks.
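
The following sketch is an added example, not code from this page or from any IPS product. It contrasts a port-only firewall decision with an inline content-based decision that decodes HTTP before matching signatures, and shows the encrypted-segment caveat mentioned above. The signature names and byte strings, the port policy and all function names are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Constructed signatures: illustrative byte sequences, not real attack patterns.
SIGNATURES = {
    "SIG-0001 constructed worm marker": b"EXAMPLE-WORM-MARKER",
    "SIG-0002 constructed probe path": b"/example-admin-probe",
}
ALLOWED_PORTS = {21, 25, 80, 443}  # hypothetical firewall policy


def firewall_verdict(dst_port):
    """Traditional firewall: decides on the port alone, never the payload."""
    return "pass" if dst_port in ALLOWED_PORTS else "drop"


def looks_encrypted(payload):
    """TLS records start with type 0x16/0x17 followed by major version 0x03."""
    return len(payload) >= 3 and payload[0] in (0x16, 0x17) and payload[1] == 0x03


def decode_http(payload):
    """Minimal layer 7 decode: percent-decode the HTTP request target so the
    signature is matched against the path the server will act on."""
    line, sep, rest = payload.partition(b"\r\n")
    parts = line.split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        parts[1] = unquote_to_bytes(parts[1])
        return b" ".join(parts) + sep + rest
    return payload


def ips_verdict(dst_port, payload):
    """Inline content-based IPS: returns (verdict, reason)."""
    if firewall_verdict(dst_port) == "drop":
        return ("drop", "port policy")
    if looks_encrypted(payload):
        return ("uninspectable", None)  # content is opaque to the signatures
    decoded = decode_http(payload)
    for name, pattern in SIGNATURES.items():
        if pattern in decoded:
            return ("drop", name)
    return ("pass", None)


if __name__ == "__main__":
    req = b"GET /example%2Dadmin%2Dprobe HTTP/1.1\r\nHost: example.test\r\n\r\n"
    print(firewall_verdict(80), ips_verdict(80, req))
```

The "uninspectable" verdict is where a deployment has to choose a policy (pass, drop, or decrypt upstream of the sensor); the sketch only reports the condition.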

 
 
 
  © 2006 INTEGRACON TECHNOLOGIES