IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) both raise the security level of a network by monitoring traffic and inspecting packets for suspicious data. Detection in both systems is mainly signature-based: it relies on patterns of attacks that have already been observed and catalogued.
The main difference between the two systems is the action they take when an attack is detected in its initial phases (network scanning and port scanning).
- The Intrusion Detection System (IDS) gives the network a layer of preventive security against suspicious activity. The IDS achieves this through early warnings sent to system administrators; unlike an IPS, it is not designed to block attacks.
- An Intrusion Prevention System (IPS) is a device that controls access to IT networks in order to protect systems from attack and abuse. It is designed to inspect attack traffic and take the corresponding action, blocking the attack while it is developing and before it succeeds, for example by creating a series of rules in the corporate firewall.
| Parameter | IPS (Intrusion Prevention System) | IDS (Intrusion Detection System) |
|---|---|---|
| System type | Active (monitor and automatically defend) and/or passive | Passive (monitor and notify) |
| Detection mechanism | Statistical anomaly-based detection; signature detection (exploit-facing and vulnerability-facing signatures) | Signature detection (exploit-facing signatures) |
| Placement | Inline with data communication | Out of band from data communication |
| Anomaly response | Drop, alert on or clean malicious traffic | Sends an alarm/alert on detecting malicious traffic |
| Network performance impact | Slows down the network because of the delay added by inline IPS processing | Does not impact network performance because the IDS is deployed out of band |
| Benefits | Preferred by most organizations since detection and prevention are performed automatically | Does not block legitimate traffic, which an IPS may block at times |
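To make the table concrete, here is a small added example (not code from the original article) of one signature engine run in the two modes compared above: out of band as an IDS, which only raises alerts and forwards everything, and inline as an IPS, which also drops matching packets. The packets, signature names, the port-21 field check and the exploit marker are all constructed for the example.

```python
# Added example (not from the original article): a toy signature engine run in
# IDS mode (out of band: alert only, every packet is forwarded) and in IPS mode
# (inline: matching packets are dropped). Packets and signatures are constructed.
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes


@dataclass
class Signature:
    name: str
    kind: str                          # "exploit-facing" or "vulnerability-facing"
    matches: Callable[[Packet], bool]


# Exploit-facing: the byte pattern of one specific known exploit (constructed marker).
EXPLOIT_SIG = Signature("known-exploit-string", "exploit-facing",
                        lambda p: b"EXPLOIT_MARKER" in p.payload)
# Vulnerability-facing: the condition that would trigger the flaw (an oversized
# USER field on port 21), whichever exploit is used. Broader, so more false positives.
VULN_SIG = Signature("oversized-user-field", "vulnerability-facing",
                     lambda p: p.dst_port == 21 and p.payload.startswith(b"USER ")
                     and len(p.payload) > 64)


def inspect(packets: List[Packet], signatures: List[Signature], mode: str
            ) -> Tuple[List[Packet], List[Tuple[str, List[str]]]]:
    """Return (forwarded_packets, alerts). mode is "ids" or "ips"."""
    forwarded, alerts = [], []
    for pkt in packets:
        hits = [s.name for s in signatures if s.matches(pkt)]
        if hits:
            alerts.append((pkt.src, hits))
            if mode == "ips":
                continue              # inline: drop before it reaches the host
        forwarded.append(pkt)         # IDS only sees a copy, so it always forwards
    return forwarded, alerts


PACKETS = [  # constructed sample traffic
    Packet("10.0.0.5", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("10.0.0.9", 21, b"USER " + b"A" * 200 + b"\r\n"),      # oversized field
    Packet("10.0.0.7", 80, b"POST /x HTTP/1.1\r\n\r\nEXPLOIT_MARKER"),
    Packet("10.0.0.8", 21, b"USER " + b"B" * 70 + b"\r\n"),       # long but legitimate
]
```

Running `inspect(PACKETS, [EXPLOIT_SIG, VULN_SIG], "ips")` forwards only the first packet, while `"ids"` mode forwards all four and raises the same three alerts; the last packet shows the table's caveat that an inline IPS can block legitimate traffic an IDS would merely flag.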