
Difference Between IDS and IPS

May 25, 2011 Posted by Indika

IDS vs IPS

An IDS (Intrusion Detection System) is a system that detects activities that are inappropriate, incorrect or anomalous in a network and reports them. Furthermore, an IDS can be used to detect whether a network or a server is experiencing an unauthorized intrusion. An IPS (Intrusion Prevention System) is a system that actively terminates connections or drops packets if they contain unauthorized data. An IPS can be seen as an extension of an IDS.

IDS

An IDS monitors the network and detects inappropriate, incorrect or anomalous activities. There are two main types of IDS. The first is the network intrusion detection system (NIDS). These systems examine the traffic in the network and monitor multiple hosts to identify intrusions. Sensors capture the traffic in the network, and each packet is analyzed to identify malicious content. The second type is the host-based intrusion detection system (HIDS). A HIDS is deployed on a host machine or a server. It analyzes data that is local to the machine, such as system log files, audit trails and file system changes, to identify unusual behavior. A HIDS compares the normal profile of the host with the observed activities to identify potential anomalies. In most places, IDS devices are placed between the border router and the firewall, or outside the border router. In some cases, IDS devices are placed outside both the firewall and the border router with the intention of seeing the full breadth of attempted attacks. Performance is a key issue with IDS since they are used with high-bandwidth network devices. Even with high-performance components and updated software, IDS tend to drop packets since they cannot handle the large throughput.
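The HIDS comparison of a host's normal profile against observed file system changes can be sketched as follows. This is an added example, not code from the original article; the directory tree, file names and contents are constructed sample data, and `snapshot`, `compare` and `demo` are hypothetical helper names.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(baseline, observed):
    """Report how the observed state deviates from the baseline profile."""
    common = baseline.keys() & observed.keys()
    return {
        "added": sorted(observed.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - observed.keys()),
        "modified": sorted(k for k in common if baseline[k] != observed[k]),
    }

def demo():
    """Build a constructed tree, change it, and return the HIDS findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "motd").write_text("welcome\n")
        baseline = snapshot(root)  # the host's "normal profile"

        # Constructed changes that a HIDS should flag on the next scan.
        (root / "etc" / "passwd").write_text("root:x:0:0\nsvc:x:1001:1001\n")
        (root / "motd").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("* * * * * task\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The unchanged `etc/hosts` file produces no finding, which is the point of keeping a baseline: only deviations from the normal profile are reported.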

IPS

An IPS is a system that actively takes steps to prevent an intrusion or an attack when it identifies one. IPS are divided into four categories. The first is network-based intrusion prevention (NIPS), which monitors the entire network for suspicious activity. The second type is network behavior analysis (NBA) systems, which examine traffic to detect unusual flows that could be the result of an attack such as distributed denial of service (DDoS). The third kind is wireless intrusion prevention systems (WIPS), which analyze wireless networks for suspicious traffic. The fourth type is host-based intrusion prevention systems (HIPS), where a software package is installed to monitor the activities of a single host. As mentioned earlier, an IPS takes active steps such as dropping packets that contain malicious data, and resetting or blocking traffic coming from an offending IP address.

What is the difference between IPS and IDS?

An IDS is a system that monitors the network and detects inappropriate, incorrect or anomalous activities, while an IPS is a system that detects an intrusion or an attack and takes active steps to prevent it. The main difference between the two is that, unlike an IDS, an IPS actively takes steps to prevent or block the intrusions it detects. These preventive steps include dropping malicious packets and resetting or blocking traffic coming from malicious IP addresses. An IPS can be seen as an extension of an IDS, with the additional capability to prevent intrusions while detecting them.
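The difference can be shown by running the same detection logic in both modes. This is an added example, not code from the original article; the two signatures, the sample packets (documentation address ranges) and the `Sensor` class are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed signatures; real rule sets are far richer.
SIGNATURES = {
    "sql-injection-probe": b"' OR '1'='1",
    "path-traversal": b"../../",
}

@dataclass
class Packet:
    src_ip: str
    payload: bytes

@dataclass
class Sensor:
    mode: str  # "ids" (detect and report) or "ips" (detect and prevent)
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)

    def match(self, pkt):
        """Return the names of all signatures found in the payload."""
        return [n for n, pat in SIGNATURES.items() if pat in pkt.payload]

    def process(self, pkt):
        """Return True if the packet is forwarded, False if it is dropped."""
        # IPS only: traffic from an already blocked source is dropped.
        if self.mode == "ips" and pkt.src_ip in self.blocked:
            return False
        hits = self.match(pkt)
        if not hits:
            return True
        self.alerts.append((pkt.src_ip, hits))  # both modes report
        if self.mode == "ids":
            return True                          # detection only: still delivered
        self.blocked.add(pkt.src_ip)             # prevention: drop and block source
        return False

def run(mode, packets):
    sensor = Sensor(mode)
    forwarded = [sensor.process(p) for p in packets]
    return forwarded, sensor.alerts, sensor.blocked

# Constructed sample traffic.
TRAFFIC = [
    Packet("192.0.2.10", b"GET /index.html"),
    Packet("198.51.100.7", b"GET /item?id=1' OR '1'='1"),
    Packet("198.51.100.7", b"GET /index.html"),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode, TRAFFIC))
```

In IDS mode all three packets are delivered and one alert is raised; in IPS mode the matching packet and the later packet from the same source are dropped.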


About the Author: Indika

Indika, BSc.Eng, MSECE Computer Engineering, PhD. Computer Science, is an Assistant Professor and has research interests in the areas of Bioinformatics, Computational Biology, and Biomedical Natural Language Processing.


Copyright © 2010-2018 Difference Between. All rights reserved. Terms of Use and Privacy Policy: Legal.