Napatech

Intrusion Prevention System

An Intrusion Prevention System (IPS) is a device that is located in-line on a network link and monitors network activities for malicious or unwanted behavior.
 
Because Intrusion Prevention Systems operate in-line, they can prevent network attacks by dropping malicious frames while still allowing all other traffic to pass.

Napatech Network Adapters support the implementation of Intrusion Prevention Systems through functionality such as:
  • Frame Classification: The adapter can classify frames before they are delivered to the host CPU (e.g. find the byte offset to the IP, TCP or UDP payload), which accelerates host processing.
  • Channel Merging: Enables network frames from several ports to be merged in reception time order and placed in one host buffer, simplifying retrieval of the frames in time order.
  • Hash Key Generation: Enables the fast recognition of flows by delivering the hash key as part of the frame information to the host, enabling the host CPU to quickly identify a flow.
  • Host-based Retransmit: Enables captured frames to be retransmitted to the network at line speed for any network condition with a minimum of host CPU processing.

When the Napatech Network Adapter is used as an in-line network device, it is by default invisible on the network, i.e. no MAC address or IP address is shown. This prevents the IPS appliance from being attacked from the network it is protecting.

Additional Information

Highlights:
  • In-line support
  • Line speed retransmit
  • Invisible on the network

© Napatech A/S, all rights reserved.