How Does an IDS and IPS Work?
IDS and IPS are solutions that enhance network security. They should be implemented as the layer of information infrastructure security that immediately follows the firewall. An IDS is a solution for monitoring threats and security incidents and sending notifications about them. An IPS takes additional measures to prevent attacks or minimise their impact, or actively responds to a security breach. An IPS is a highly advanced and the most efficient IT security system, and it is gaining increasing acceptance among administrators. An IPS uses multi-level analysis and security mechanisms, e.g. protocol analysis, network traffic anomaly detection and event correlation. It also supports custom rules based on attack pattern comparisons.
An IDS usually works as a sniffer that detects security breach attempts and optionally informs the firewall of the location (IP address) from which the attack originates. The firewall then usually blocks the specified address. An IPS responds more flexibly: after an attack is detected, the system blocks only the packets that are involved in the attack.
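The difference between blocking a source address and blocking only the packets involved in an attack, as an added example that is not part of the original article. It is a simplified model: the signature, the `Packet` type, the function names and the sample traffic are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed signature for the demo: a path-traversal sequence in a request line.
SIGNATURE = re.compile(rb"\.\./\.\./")

@dataclass(frozen=True)
class Packet:
    src: str
    payload: bytes

# Constructed sample traffic (documentation address ranges). 203.0.113.7 sends
# one malicious request in between legitimate ones.
TRAFFIC = [
    Packet("198.51.100.4", b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.7", b"GET /news HTTP/1.1"),
    Packet("203.0.113.7", b"GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.7", b"GET /contact HTTP/1.1"),
    Packet("198.51.100.4", b"GET /about HTTP/1.1"),
]

def ids_with_firewall(traffic):
    """Sniffer-style IDS: alerts on a match and has the firewall block the source IP."""
    blocked_ips, delivered, alerts = set(), [], []
    for pkt in traffic:
        if pkt.src in blocked_ips:   # firewall rule added after an earlier alert
            continue
        delivered.append(pkt)        # the sniffer only sees a copy; the packet is forwarded
        if SIGNATURE.search(pkt.payload):
            alerts.append(pkt)
            blocked_ips.add(pkt.src)
    return delivered, alerts, blocked_ips

def inline_ips(traffic):
    """Inline IPS: inspects before forwarding and drops only the matching packets."""
    delivered, dropped = [], []
    for pkt in traffic:
        (dropped if SIGNATURE.search(pkt.payload) else delivered).append(pkt)
    return delivered, dropped

if __name__ == "__main__":
    delivered, alerts, blocked = ids_with_firewall(TRAFFIC)
    print("IDS + firewall delivered:", [p.payload for p in delivered])
    print("IDS alerts:", len(alerts), "blocked addresses:", sorted(blocked))
    delivered, dropped = inline_ips(TRAFFIC)
    print("IPS delivered:", [p.payload for p in delivered])
    print("IPS dropped:", [p.payload for p in dropped])
```

In this model the address block also discards the later legitimate request from the same source, while the inline check discards only the matching packet.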