IDS (Detection) and IPS (Prevention) both work to help secure a network. While an IDS simply detects the intrusion, an IPS works to prevent that intrusion. While every IPS is also an IDS, an IDS is not an IPS. These can work in different ways and be set up differently. They can either be a host-based system to protect just one device, or they can be a network-based system to protect the entire network. As for how they detect, there are 2 ways there as well. They can either be a signature-based system, meaning they follow a certain pre-programmed set of rules (which makes them less reliable since they require someone to input new rules every time there is a new threat), or they can be anomaly-based. Anomaly-based means they learn your system and react to things that are out of the ordinary. These are a better option because they will detect more; however, they can sometimes be a pain when they stop normal mundane data that just didn’t get detected in the learning phase. The best option and most common is using both together.
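As an added example (not part of the original post), the sketch below runs a signature check and a learned port baseline over the same events, showing what each one misses or wrongly flags and how detect-only differs from prevent. The events, addresses, rule name and threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample events: (source host, destination port, payload snippet).
TRAINING = [("10.0.0.5", 443, "GET /index.html"), ("10.0.0.6", 443, "GET /login"),
            ("10.0.0.5", 53, "dns query"), ("10.0.0.7", 443, "POST /login")] * 25

LIVE = [
    ("10.0.0.5", 443, "GET /index.html"),          # normal, seen during learning
    ("10.0.0.8", 443, "GET /?id=1 UNION SELECT"),  # matches a pre-programmed rule
    ("10.0.0.9", 4444, "binary blob"),             # new threat, no rule written yet
    ("10.0.0.6", 8080, "GET /intranet/wiki"),      # harmless, but absent from learning
]

# Hypothetical pre-programmed rule set (signature-based detection).
SIGNATURES = {"sqli-union": re.compile(r"union\s+select", re.I)}

def signature_alerts(event):
    """Return the names of every rule whose pattern matches the payload."""
    _, _, payload = event
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

def learn_baseline(events):
    """Learning phase: count how often each destination port was seen."""
    return Counter(port for _, port, _ in events)

def anomaly_alert(event, baseline, min_seen=5):
    """Flag traffic to a port that was rare or unseen during learning."""
    return baseline[event[1]] < min_seen

def evaluate(events, baseline, prevent=False):
    """Use both detectors together; prevent=True acts as an IPS, False as an IDS."""
    results = []
    for ev in events:
        sigs = signature_alerts(ev)
        anomalous = anomaly_alert(ev, baseline)
        flagged = bool(sigs) or anomalous
        action = "pass" if not flagged else ("block" if prevent else "alert")
        results.append({"event": ev, "signatures": sigs,
                        "anomalous": anomalous, "action": action})
    return results

if __name__ == "__main__":
    for row in evaluate(LIVE, learn_baseline(TRAINING), prevent=True):
        print(row)
```

The last live event is the false positive the post describes: with `prevent=True` it is blocked even though it is ordinary traffic that simply never appeared in the learning phase.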
To start this out, I will briefly cover the differences between IDS (Intrusion Detection Systems) and IPS. IDS is meant to scan the packets and then run them through its library and is also known as a monitoring system. IPS systems have the ability to stop the flagged packet from entering and are known as a control system. First we will cover IDS. The first is adaptive and passive IDS systems. Adaptive systems are built to automatically deny any flagged packets without the need of having an operator to handle it. Passive systems are designed to scan and flag any suspicious packet that passes through the network. It also, upon finding a threat, will contact an agent who will fix it. Another IDS system is knowledge-based (signature-based) IDS. It still uses a library that contains info from previous attacks, but it also knows what its vulnerabilities are. The main feature is that after an attack it looks for signatures that are left behind and uses the trail, which can be used to identify and prevent that attack from breaching the system again. Now we will cover two types of IPS systems, including host-based intrusion prevention systems. This IPS is meant for single hosts and is also designed to protect the internal network. The best thing about this IPS is how simple it is due to it being a single host. A single host is a parameter that prioritizes a single host from within a larger group. Next we will cover wireless intrusion prevention. Wireless intrusion prevention is an IPS that works through the wireless network. This is designed to monitor the network for threats that attempt to access the data. Of course, if a packet is marked as a potential threat, it prevents it from entering your network.
Types of Intrusion Detection Systems (IDS). (n.d.). OmniSecu. https://www.omnisecu.com/security/infrastructure-and-email-security/types-of-intrusion-detection-systems.php
Priya Pedamkar. (n.d.). Types of Intrusion Prevention System. Educba. https://www.educba.com/types-of-intrusion-prevention-system/