A method of preventing intrusions on a node of a network comprising monitoring, by a first layer of an intrusion prevention system, application data of applications running at on the node, monitoring, by a second layer of the intrusion prevention system, transport layer data of the node, and monitoring, by a third layer of the intrusion prevention system, network layer data of the node is provided. A computer-readable medium having stored thereon a set of instructions to be executed, the set of instructions, when executed by a processor, cause the processor to perform a computer method of monitoring application layer data, by a first layer of an intrusion prevention system comprised of the instructions, of a node of a network, the node comprising the processor, monitoring transport layer data, by a second layer of the intrusion prevention system, of the node of the network; and monitoring network layer data, by a third layer of an intrusion prevention system, of the node of the network is provided. A node of a network, comprising a central processing unit, a memory module for storing data in machine readable format for retrieval and execution by the central processing unit, and an operating system comprising a network stack comprising a protocol driver, a media access control driver, the memory module storing an instance of an intrusion protection system application operable to monitor application layer data and an intrusion prevention system transport service provider layer, and the operating system having an intrusion prevention system network filter service provider bound to the media access control driver and the protocol driver is provided.