IDS v/s IPS
IDS - Intrusion Detection System
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices.
An IDS is software that automates the intrusion detection process.
Different types of IDS
A network intrusion detection system (NIDS) is deployed at strategic points within the network, where it can monitor inbound and outbound traffic to and from all the devices on the network.
A host intrusion detection system (HIDS) runs on all computers or devices in the network with direct access to both the internet and the enterprise internal network. A HIDS has an advantage over a NIDS in that it may be able to detect anomalous network packets that originate from inside the organization or malicious traffic that a NIDS has failed to detect. A HIDS may also be able to identify malicious traffic that originates from the host itself, as when the host has been infected with malware and is attempting to spread to other systems.
A signature-based intrusion detection system monitors all the packets traversing the network and compares them against a database of signatures or attributes of known malicious threats, much like antivirus software.
An anomaly-based intrusion detection system monitors network traffic and compares it against an established baseline to determine what is considered normal for the network with respect to bandwidth, protocols, ports and other devices. This type of IDS alerts administrators to potentially malicious activity.
IPS — Intrusion Prevention System
An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents and capturing information about them. The IPS reports these events to system administrators and takes preventative action, such as closing access points and configuring firewalls to prevent future attacks. IPS solutions can also be used to identify issues with corporate security policies, deterring employees and network guests from violating the rules these policies contain.
With so many access points present on a typical business network, it is essential that you have a way to monitor for signs of potential violations, incidents and imminent threats. Today’s network threats are becoming more and more sophisticated and able to infiltrate even the most robust security solutions.
IDS V/S IPS
IDS are detection and monitoring tools
IPS is a control system
IDS tools do not take action on their own
In an IPS, the control system accepts or rejects a packet based on the rule-set
IDS requires a human or another system to look at the results
IPS requires that the database be regularly updated with new threat data
Both read network packets and compare the components to a database of known threats.
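The comparison above, as an added example that is not part of the original article: one detection engine with a signature database and a port baseline, run first in IDS mode (alert only) and then in IPS mode (reject on rule match). The signatures, packets, baseline and the choice to block only on signature matches are all assumptions made for illustration.

```python
# Added illustration: the same detection logic run as an IDS and as an IPS.
# All signatures, packets and the baseline below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Signature database: name -> byte pattern of a known threat (constructed).
SIGNATURES = {
    "sample-traversal": b"../../",
    "sample-shell-string": b"/bin/sh",
}
# Anomaly baseline: destination ports considered normal for this network.
BASELINE_PORTS = {53, 80, 443}

def detect(pkt):
    """Return the reasons this packet looks suspicious (empty list if none)."""
    reasons = [f"signature:{name}" for name, pat in SIGNATURES.items()
               if pat in pkt.payload]
    if pkt.dst_port not in BASELINE_PORTS:
        reasons.append(f"anomaly:port-{pkt.dst_port}")
    return reasons

def process(packets, mode):
    """mode='ids': alert only, forward everything.
    mode='ips': alert and also reject packets that match a signature
    (assumption of this example: anomalies alert but are not blocked)."""
    forwarded, alerts = [], []
    for pkt in packets:
        reasons = detect(pkt)
        if reasons:
            alerts.append((pkt.src, reasons))
        blocked = mode == "ips" and any(r.startswith("signature:") for r in reasons)
        if not blocked:
            forwarded.append(pkt)
    return forwarded, alerts

TRAFFIC = [  # constructed sample traffic
    Packet("10.0.0.5", 443, b"GET /index.html"),
    Packet("10.0.0.9", 80, b"GET /../../etc/passwd"),
    Packet("10.0.0.7", 4444, b"hello"),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        fwd, alerts = process(TRAFFIC, mode)
        print(mode, "forwarded:", len(fwd), "alerts:", alerts)
```

In IDS mode all three packets are forwarded and a human or another system must act on the two alerts; in IPS mode the same alerts are raised but the signature-matching packet never reaches its destination.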