IDS (Intrusion Detection System)
As its name suggests, an IDS is designed to detect malicious or suspicious activity on the network by inspecting data packets and monitoring network traffic. It classifies each packet it sees as benign or malicious, where a malicious packet indicates a threat or some other kind of risk.
It generates logs and alerts that identify the suspicious activity.
It cannot itself prevent attacks, whether they originate inside or outside the environment; the aim behind the design of an IDS is to warn system administrators and security/network administrators about suspicious or malicious activity and threats.
It continuously monitors and analyses the incidents, policy violations and threats that may be breaking the network's security.
IPS (Intrusion Prevention System)
An IPS is designed to prevent the malicious or suspicious activity that its detection engine identifies on the network.
It is designed to block suspicious and malicious activity before the attack develops and succeeds. Because it blocks rather than only reports, an IPS has to sit inline in the traffic path, whereas an IDS can work from a copy of the traffic (a mirror/SPAN port or a tap).
It is configured in the environment through security policies and rules.
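The difference between the two is easiest to see in code. The block below is an added example written for this post, not code from the original article or from any vendor's product: a minimal signature-based inspection engine whose only configuration is a rule set, run once in IDS mode (alert and log, but still forward every packet) and once in IPS mode (alert and drop the matching packet). The rule SIDs, packet fields and sample HTTP traffic are all constructed for illustration.

```python
# Added example (not code from the original post): a minimal signature-based
# inspection engine that can run in IDS mode (alert and log, but still forward
# every packet) or IPS mode (alert and drop the matching packet). Rule SIDs,
# packet fields and sample traffic below are all constructed for illustration.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes


@dataclass
class Rule:
    """One signature, in the spirit of a Snort/Suricata rule:
    protocol + destination port + a byte pattern that must appear in the payload."""
    sid: int
    msg: str
    content: bytes
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return self.content in pkt.payload


@dataclass
class Engine:
    rules: List[Rule]
    mode: str                       # "ids" -> detect only, "ips" -> detect and block
    alerts: List[str] = field(default_factory=list)

    def inspect(self, pkt: Packet) -> bool:
        """Return True if the packet is forwarded, False if it is dropped."""
        hits = [r for r in self.rules if r.matches(pkt)]
        for r in hits:
            # Both modes produce the log entry the administrator is warned with.
            self.alerts.append(
                f"sid={r.sid} msg={r.msg!r} {pkt.src} -> {pkt.dst}:{pkt.dport}/{pkt.proto}"
            )
        # Only an inline IPS may refuse to forward; an IDS has no such action.
        if hits and self.mode == "ips":
            return False
        return True


# Constructed rule set (hypothetical SIDs).
RULES = [
    Rule(1000001, "SQL injection attempt in HTTP request", b"' OR 1=1", "tcp", 80),
    Rule(1000002, "Directory traversal in HTTP request", b"../../", "tcp", 80),
]

# Constructed sample traffic: one benign request and two attack attempts.
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.7", "192.0.2.10", "tcp", 80, b"GET /login?user=admin' OR 1=1-- HTTP/1.1\r\n"),
    Packet("10.0.0.9", "192.0.2.10", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
]


def run(mode: str, rules=RULES, traffic=TRAFFIC) -> Tuple[int, List[str]]:
    """Push the traffic through an engine in the given mode.
    Returns (number of packets forwarded, alert log)."""
    eng = Engine(rules, mode)
    forwarded = sum(1 for pkt in traffic if eng.inspect(pkt))
    return forwarded, eng.alerts


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        fwd, alerts = run(mode)
        print(f"{mode.upper()}: forwarded {fwd}/{len(TRAFFIC)} packets, {len(alerts)} alerts")
        for line in alerts:
            print("  ", line)
```

Running it shows the same two alerts in both modes; the only difference is that the IDS forwards all three packets while the IPS forwards only the benign one. Real engines express this the same way: in Snort and Suricata a rule that starts with `alert` only logs, and the identical signature starting with `drop` blocks when the sensor is deployed inline.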
IDS/IPS features can be delivered by hardware-based security appliances (such as a firewall) or by host-based software (a network security application such as NSX-T IDS/IPS for distributed environments and application-specific protection) to secure both the network and the endpoints.
In my next post, I'll discuss the NSX-T IDS/IPS methodology as a host-based application in more detail.
But an IDS, once the issue is on the network, can undertake a TCP reset, so there are actions it can do; more like very limited damage reduction than the damage prevention that an IPS can do.
Well, the terminology of IDS is to detect the threat on the network space, where it is not taking any specific steps for prevention, and that is where IPS plays its role.