Intrusion Detection System Vs. Intrusion Prevention System
Intrusion Detection System (IDS) is a computer security system that monitors network traffic for malicious activities and alerts the network administrator when malicious activity is detected. An IDS performs passive monitoring and is deployed in passive/promiscuous mode. An IDS can detect malicious activities but cannot prevent them. IDS capabilities include:

- Monitoring of malicious activities
- Auditing of malicious activities
- Forensics on malicious activities
- Reporting of malicious activities

Figure 1: Intrusion Detection System

1. The attacker sends malicious traffic via the internet to the target host.
2. The data packets reach both the network and the IDS.
3. In the IDS, the packets are inspected by the sensor.
4. The log report is stored on the management console.

Intrusion Prevention System (IPS) is a computer security mechanism that inspects network traffic for malicious activities (security threats or policy violations) and takes action on detected activities. IPS have capab