Good Day!
Welcome to the best information of Internet Security. You can find a lot of useful discussion about how to protect your computing resources, both at home and in the office. In fact, I'd better call our topic here Information Security rather than Internet Security. It is about protecting your precious information.
May 9th, 2009 at 4:32 pm
Bulk Coffee Direct
Intrusion Detection Systems simply detect possible intrusions and possibly notify the administrators.
Intrusion Prevention Systems will not only detect the intrusions but will take actions like terminating the connection.
May 9th, 2009 at 10:15 pm
Bulk Coffee Direct
The primary difference between an IDS and an IPS is that an IDS is a reactive security mechanism and an IPS is a proactive security mechanism. An IDS will attempt to attacks as they are occurring (that is, once the system has recognized that an attack is occurring) and an IPS will attempt to determine whether incoming traffic is ‘probably’ malicious before it is received by the intended recipient.
An IDS is easier to build; for example, an IDS can reject any traffic attempting to access ‘/etc/passwd’.
An IPS *can* be more effective; for example, an IPS can categorize traffic (in real time) and determine whether it's malicious or not, before it is received by the intended recipient.
Snort and Cisco PIX can do these types of things, to name a few.
May 9th, 2009 at 11:58 pm
Some people criticize that IPS has an inherent problem of automatic response to suspicious attack signals. This automatic response action can in turn be used by hackers to trigger incorrect but damaging action by the IPS.
For example, it can initiate an IPS to stop the connection of an active and normal port in a network hub by sending some traffic pattern that triggers the IPS’s monitoring system to respond by shutting down the port. But actually, the port is running normally and the hacker simply wants the IPS to do this to achieve a Denial of Service (DoS) attack on that port.
Damen
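The following is an added example, not part of the comment thread above and not code from any IDS/IPS product. It sketches how a response policy can keep detection (IDS mode) separate from automatic action (IPS mode) and limit the induced-shutdown risk raised in the last comment. The port names, signature label, thresholds and the `ResponsePolicy` class are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy values (assumptions, not from the page).
PROTECTED_PORTS = {"sw1/uplink", "sw1/port-12"}  # never shut automatically
BLOCK_TTL = 300          # seconds before an automatic block expires by itself
MAX_ACTIONS_PER_MIN = 3  # circuit breaker on automatic responses


@dataclass
class ResponsePolicy:
    mode: str = "ips"                           # "ids" = alert only, "ips" = alert and act
    blocks: dict = field(default_factory=dict)  # port -> block expiry time
    recent: list = field(default_factory=list)  # times of recent automatic actions

    def decide(self, port: str, signature: str, now: float) -> str:
        """Return 'alert', 'block' or 'alert-held' for one detection event."""
        if self.mode == "ids":
            return "alert"               # detection only, nothing is shut down
        if port in PROTECTED_PORTS:
            return "alert-held"          # critical port: an operator must confirm
        self.recent = [t for t in self.recent if now - t < 60]
        if len(self.recent) >= MAX_ACTIONS_PER_MIN:
            return "alert-held"          # burst of triggers: stop acting, escalate
        self.recent.append(now)
        self.blocks[port] = now + BLOCK_TTL
        return "block"

    def is_blocked(self, port: str, now: float) -> bool:
        """Blocks are time-boxed, so a falsely triggered one does not persist."""
        return self.blocks.get(port, 0) > now


def replay(events, mode="ips"):
    """Run (time, port, signature) events through a fresh policy."""
    policy = ResponsePolicy(mode=mode)
    return [policy.decide(port, sig, t) for t, port, sig in events], policy


# Constructed sample events: the same signature firing on several ports.
SAMPLE_EVENTS = [
    (0, "sw1/port-3", "sig-A"),
    (5, "sw1/port-12", "sig-A"),   # protected port: held for review
    (10, "sw1/port-4", "sig-A"),
    (15, "sw1/port-5", "sig-A"),
    (20, "sw1/port-6", "sig-A"),   # fourth action within a minute: breaker trips
]

if __name__ == "__main__":
    decisions, _ = replay(SAMPLE_EVENTS)
    print(decisions)
```

Held events still raise an alert, so the detection value is kept while the automatic shutdown is withheld for critical ports and for bursts of triggers.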