By N2H




Intrusion detection system Vs Intrusion prevention systems

December 18, 2009


An intrusion detection system (IDS) is a system that monitors the network for any suspicious activity or external attacks aimed at interrupting the normal working of the network or the computer systems. An IDS has sensors that monitor audit logs, external communication, and any suspicious activity. An analyzer examines these activities and normally compares them to known attack patterns. It then classifies them and alerts the system administrator if an activity is considered an attack.

An intrusion prevention system (IPS) monitors the network for suspicious activity, malicious programs or attacks and can block or redirect the traffic as it comes in (in real time). An IDS only monitors and reports; it doesn’t block suspicious activity. An IPS also has a sensor and an analyzer that monitor the network traffic as it comes in, and this traffic is analyzed against known attack signatures or “bad” traffic patterns. When an attack is recognized, the connections can be reset, blocked or quarantined, or the offending packet can be dropped, and an alert is generated and sent to the system administrator.

The main advantage of an IPS over an IDS is that an IPS can block, reject and drop suspicious traffic, while an IDS can only report or alert the administrator about the suspicious traffic.

Another advantage is that an intrusion prevention system (IPS) can decrypt encrypted traffic for further inspection and monitoring, unlike an intrusion detection system, which doesn’t have this ability, so encrypted traffic passes through it without inspection.

An intrusion prevention system (IPS) interacts with traffic in real time, i.e. as it occurs, and is therefore able to prevent attacks in real time, unlike an intrusion detection system (IDS), which sits passively and watches the traffic but does not interact with it.
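
The difference described above, as an added example that is not part of the original article: a Python model in which the same analyzer runs passively (IDS) and inline (IPS) over the same traffic. The signatures, the sample traffic and the names `analyze`, `process` and `Result` are constructed for illustration, and blocking all later traffic from an offending source is one assumed IPS response among those the article lists.

```python
import re
from dataclasses import dataclass, field

# Constructed signatures for illustration, not taken from any real rule set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-keyword-in-query": re.compile(r"(?i)union\s+select"),
}

@dataclass
class Result:
    forwarded: list = field(default_factory=list)       # traffic that reached the host
    alerts: list = field(default_factory=list)          # (source, signature) sent to the admin
    blocked_sources: set = field(default_factory=set)   # sources the IPS has blocked

def analyze(payload):
    """Analyzer: return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return name
    return None

def process(traffic, inline):
    """inline=False models an IDS (watches only); inline=True models an IPS."""
    result = Result()
    for src, payload in traffic:
        if inline and src in result.blocked_sources:
            continue  # IPS: traffic from an already blocked source is dropped
        hit = analyze(payload)
        if hit:
            result.alerts.append((src, hit))  # both modes alert the administrator
            if inline:
                result.blocked_sources.add(src)  # IPS: block the source (assumed response)
                continue                         # IPS: drop the offending packet
        result.forwarded.append((src, payload))  # an IDS always reaches this line
    return result

# Constructed sample traffic: (source address, request line).
TRAFFIC = [
    ("192.0.2.10", "GET /index.html"),
    ("198.51.100.7", "GET /download?file=../../etc/passwd"),
    ("198.51.100.7", "GET /login"),
    ("192.0.2.10", "GET /items?id=1 UNION SELECT name FROM users"),
]

if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        r = process(TRAFFIC, inline)
        print(mode, "forwarded:", len(r.forwarded), "alerts:", r.alerts)
```

Both modes raise the same two alerts, but in IDS mode all four requests still reach the host, while in IPS mode only the first one does.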

The disadvantage of an IPS compared to an IDS is usually the price: an IPS costs much more than an IDS because it has added functionality and is a newer technology.

