Intrusion Detection and Prevention (IDS/IPS) Systems

Intrusion detection and prevention systems (IDSs/IPSs) are implemented to prevent unauthorized access by attackers. An IDS passively monitors the network and reports suspicious activity, whereas an IPS actively guards against threats rather than just detecting them. IT expert Prashant Phatak explains the two systems using an example (2011):

…a network intrusion detection system (NIDS) will monitor network traffic and alert security personnel upon discovery of an attack. A network intrusion prevention system (NIPS) functions more like a stateful firewall and will automatically drop packets upon discovery of an attack.

Several organizations prefer an IDS over an IPS because of false positives: when a detection is wrong, an IPS will stop the flagged activity and disrupt the business, whereas an IDS will only report it and leave the business unaffected.
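The trade-off described above, as an added example that is not part of the original article: the same signature is run over the same traffic in alert-only (IDS) mode and in drop (IPS) mode. The signature, addresses and request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed signature (assumption): a naive SQL-injection pattern.
SIGNATURE = re.compile(r"union\s+select", re.IGNORECASE)

# Constructed sample traffic: (source, request line, ground-truth label).
TRAFFIC = [
    ("10.0.0.5", "GET /index.html", "benign"),
    ("203.0.113.9", "GET /item?id=1+UNION+SELECT+name,pw+FROM+users", "attack"),
    ("10.0.0.7", "GET /search?q=student+union+select+committee", "benign"),
    ("10.0.0.8", "GET /cart?add=42", "benign"),
]

def inspect(traffic, mode):
    """Apply the signature in 'ids' (alert only) or 'ips' (alert and drop) mode."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, delivered, dropped = [], [], []
    for src, request, label in traffic:
        # Decode the URL first so the pattern sees what the application would see.
        hit = SIGNATURE.search(unquote_plus(request)) is not None
        if hit:
            alerts.append((src, request, label))
        if hit and mode == "ips":
            dropped.append((src, request, label))    # IPS: packet never arrives
        else:
            delivered.append((src, request, label))  # IDS: traffic is untouched
    return {"alerts": alerts, "delivered": delivered, "dropped": dropped}

def summarize(result):
    """Count detections and their operational impact against the ground truth."""
    return {
        "alerts": len(result["alerts"]),
        "false_positives": sum(1 for a in result["alerts"] if a[2] == "benign"),
        "attacks_delivered": sum(1 for d in result["delivered"] if d[2] == "attack"),
        "benign_dropped": sum(1 for d in result["dropped"] if d[2] == "benign"),
    }

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode.upper(), summarize(inspect(TRAFFIC, mode)))
```

Both modes raise the same two alerts, one of them a false positive on a legitimate search; only IPS mode turns that false positive into a dropped customer request, while only IDS mode lets the real attack through to the server.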

References

Phatak, P. (2011). The importance of intrusion prevention systems. http://opensourceforu.com/2011/01/importance-of-intrusion-prevention-systems/