An intrusion prevention system (IPS) is a type of security device that protects against unwanted malicious network attacks and intrusions. Typically, an IPS monitors activity between networks and, once it detects unwanted activity, prevents that activity from occurring (e.g., by dropping packets). A hardware IPS device may have a number of port pairs in which network traffic enters one port of a port pair and exits the other port of the port pair. That is, a port pair functions as an independent bridge between the devices that are connected to that port pair. These devices include routers, hubs, switches, and computers, among other similar devices.
While hardware IPS devices may be effective network security devices, they are generally expensive. IPS port pairs are a scarce resource due to the high price of the hardware IPS and the low number of port pairs available. Hence, it is desirable to maximize the use of each port pair.
Similar to physical computer systems, virtual computer systems need protection against these unwanted behaviors. In particular, virtual computer systems need protection not only against intrusions that come from outside of the physical machine on which the virtual computer system is hosted, but also against intrusions that come from other virtual computer systems hosted on the same physical machine. Therefore, virtual computer systems may benefit from utilization of an IPS. To do so, network traffic to and from virtual computer systems needs to pass through the IPS before reaching its destination.
However, there are problems in implementing network security with an IPS in an environment of virtual computer systems that prevent the network traffic from being passed through the IPS before reaching its destination. These problems cause the network traffic to bypass the IPS, leaving virtual computer systems and their hosts vulnerable to malicious attacks and intrusions. Therefore, there is a desire for a mechanism that allows network traffic to and from virtual computer systems to pass through a hardware IPS device.