What is IPS?
In this way, if an attack is detected, the IPS stops the malicious communication before it spreads to other parts of the network. An IDS only sits outside your network and acts as an alarm; it does not play a defensive role in front of your network. For more details, please refer to CNW security knowledge base ...

There are many IPS systems at present, and they adopt different technologies. Generally speaking, however, IPS systems rely on inspecting data packets. An IPS examines the packets entering the network, determines their real purpose, and then decides whether to allow them into your network. The key technical components of an IPS include combined global and local host access control, IDS, global and local security policies, risk management software, and a console that supports global access and is used to manage the IPS.

Just like an IDS, an IPS needs to reduce false positives and false negatives. It usually uses more advanced intrusion detection technologies, such as heuristic scanning, content inspection, and state and behavior analysis, and combines them with conventional intrusion detection technologies, such as feature-based (signature-based) detection and anomaly detection.

Like intrusion detection systems (IDS), IPS systems can be divided into two types: host-based and network-based.

Host-based IPS
A host-based IPS relies on agents installed directly on the protected system. It is closely tied to the operating system kernel and services, and it monitors and intercepts the system's calls to the kernel or APIs, thus preventing and recording attacks. It can also monitor the data flow and environment of a specific application (such as the file locations and registry entries of a web server) to protect the application from common attacks for which no signature exists yet.
A network-based intrusion prevention system (network-based IPS) integrates the functions of a standard intrusion detection system (IDS) and is a hybrid of an intrusion prevention system and a firewall; it can also be called an embedded IDS or gateway IDS (GIDS). A network-based IPS device can only block malicious information flows that pass through the device. To improve the efficiency of IPS equipment, information flow must therefore be forced through the equipment. More specifically, the protected information flow must represent the data sent to or from the networked computer systems, and it needs to be highly secure and protected within the designated network domain. In this network field, there is a very possible internal burst configuration address, which can effectively divide the network into the smallest protection area and provide the largest effective coverage.
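The inline decision described above, as an added example that is not part of the original page: a small Python inspector combines a feature-based (signature) check with a simple rate-based anomaly check, and the same detections produce alerts only in IDS mode but dropped packets in IPS mode. The signature patterns, thresholds, packet fields and addresses are all constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed signatures for illustration; not taken from any real rule set.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-union": re.compile(rb"(?i)union\s+select"),
}
RATE_WINDOW = 1.0  # seconds of history kept per source (assumed value)
RATE_LIMIT = 5     # packets per source per window before it counts as anomalous

class InlineInspector:
    def __init__(self, prevent):
        self.prevent = prevent             # True: IPS (drop), False: IDS (alert only)
        self.recent = defaultdict(deque)   # source address -> recent timestamps
        self.alerts = []                   # (source, reason) for every detection

    def _signature_hit(self, payload):
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                return name
        return None

    def _rate_anomaly(self, src, ts):
        window = self.recent[src]
        window.append(ts)
        while ts - window[0] > RATE_WINDOW:
            window.popleft()
        return len(window) > RATE_LIMIT

    def inspect(self, pkt):
        """Return 'forward' or 'drop' for one packet dict (ts, src, payload)."""
        anomalous = self._rate_anomaly(pkt["src"], pkt["ts"])  # always update state
        reason = self._signature_hit(pkt["payload"]) or ("rate-anomaly" if anomalous else None)
        if reason is None:
            return "forward"
        self.alerts.append((pkt["src"], reason))
        return "drop" if self.prevent else "forward"

def run(packets, prevent):
    inspector = InlineInspector(prevent)
    return [inspector.inspect(p) for p in packets], inspector.alerts

# Constructed traffic: one benign request, one signature match, one burst.
SAMPLE = [
    {"ts": 0.0, "src": "192.0.2.10", "payload": b"GET /index.html HTTP/1.1"},
    {"ts": 0.1, "src": "192.0.2.20", "payload": b"GET /../../etc/passwd HTTP/1.1"},
] + [{"ts": 0.2 + i * 0.01, "src": "198.51.100.7", "payload": b"ping"} for i in range(7)]

if __name__ == "__main__":
    for mode in (False, True):
        print("IPS" if mode else "IDS", run(SAMPLE, mode))
```

Both modes record the same three detections; only the IPS run keeps the flagged packets from being forwarded, and only because the traffic actually passes through the inspector.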