In the real world a firewall is a solid barrier between a precious asset on one side and a hazard on the other. Firewalls are often used to protect an organization from hazards on the Internet, but they can, and probably should, also be used within an organization to separate different departments, working areas or networks. Locked offices and buildings cannot protect information if the computers holding it are open to everybody on the network. Firewalls have many shortcomings, such as that they cannot stop attacks that originate inside the network, they cannot provide a consistent security strategy, and they form a single bottleneck and a single point of failure. The rapid growth of computer networks has changed the outlook for network security. Easy accessibility leaves computer networks vulnerable to numerous and potentially devastating threats from hackers. Intrusion Prevention Systems (IPS) subsequently evolved to resolve ambiguities in passive network monitoring by placing detection systems in the line of attack. In other words, an IPS is an intrusion detection system (IDS) that is able to give prevention commands to firewalls and access control changes to routers. An IPS can be seen as an improvement upon firewall technologies: it can make access control decisions based on application content, rather than on IP addresses or ports as traditional firewalls do.
Keywords
Firewall, Intrusion Prevention Systems