Intrusion detection and prevention systems (IDSs/IPSs) are implemented to prevent unauthorized access by attackers. An IDS passively monitors the network and reports suspicious activity, whereas an IPS actively guards against threats rather than only detecting them. IT expert Prashant Phatak explains the two systems using an example (2011):
…a network intrusion detection system (NIDS) will monitor network traffic and alert security personnel upon discovery of an attack. A network intrusion prevention system (NIPS) functions more like a stateful firewall and will automatically drop packets upon discovery of an attack.
Several organizations prefer an IDS over an IPS because, when a false positive occurs, an IPS stops the activity and disrupts the business, whereas an IDS only reports it and does not affect the business.
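The false-positive trade-off described above, as an added example that is not from the original page or from Phatak's article: the same signature is run over the same traffic once in passive (IDS) mode and once inline (IPS) mode. The signature, the sample requests and the function names `inspect` and `impact` are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed signature: deliberately crude, so that it also matches benign text.
SIGNATURE = re.compile(r"union\s+select", re.IGNORECASE)

# Constructed sample traffic (decoded request lines): (payload, actually_malicious)
TRAFFIC = [
    ("GET /products?id=7", False),
    ("GET /products?id=7 UNION SELECT name FROM users", True),
    ("GET /search?q=student union select committee minutes", False),  # benign, matches
    ("GET /about", False),
]

@dataclass
class Result:
    forwarded: list = field(default_factory=list)
    dropped: list = field(default_factory=list)
    alerts: list = field(default_factory=list)

def inspect(traffic, mode):
    """mode='ids': passive, alert only. mode='ips': inline, alert and drop."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    res = Result()
    for payload, _truth in traffic:
        hit = SIGNATURE.search(payload) is not None
        if hit:
            res.alerts.append(payload)      # both systems report the match
        if hit and mode == "ips":
            res.dropped.append(payload)     # only the inline system blocks it
        else:
            res.forwarded.append(payload)
    return res

def impact(traffic, res):
    """Compare the engine's decisions with the ground-truth labels."""
    truth = dict(traffic)
    return {
        "false_positive_alerts": sum(1 for p in res.alerts if not truth[p]),
        "legit_blocked": sum(1 for p in res.dropped if not truth[p]),
        "attacks_delivered": sum(1 for p in res.forwarded if truth[p]),
    }

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, impact(TRAFFIC, inspect(TRAFFIC, mode)))
```

Both modes raise the same false-positive alert; only the IPS run turns it into a blocked legitimate request, while only the IDS run lets the real attack through to its destination.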
References
Phatak, P. (2011). The importance of intrusion prevention systems. http://opensourceforu.com/2011/01/importance-of-intrusion-prevention-systems/
Resources
Required
- Implementation and Analysis of DoS Attack Detection Algorithms
- A Network Intrusion Detection System Framework Based on Hadoop and GPGPU
- Intrusion Detection Systems (IDS) by Marr Madden
- Intrusion Detection Systems (IDS)
- Intrusion Detection
- False Positive Responses Optimization for Intrusion Detection System
- A Model for Anomaly Classification in Intrusion Detection Systems