IPS/IDS

Role of an IDP

The role of an IDP system in the network is often confused with access control and application layer firewalls. Although there are similarities in the way that IDP and firewalls approach a network or system, there are fundamental differences regarding the security functionalities. An IDP is in most cases designed to operate completely invisibly on the network. An IDP does not have an IP address for the segments that are monitored and do not respond directly to the network traffic, but monitor the network traffic silently as it passes. Important advantages are that the IDP technology gives a better insight with regard to various operations that take place on the network such as overactive hosts, bad logins, unauthorized content and other network and application layer functionalities.

What is an Intrusion Prevention System (IPS)?

An Intrusion Prevention System is a security device that can monitor network and/or system activities for undesirable behaviour. An Intrusion Prevention system can react to this in real-time by blocking or preventing such activities. Network-based IPS systems operate 'in-line' so that all network traffic can be monitored for malicious codes and attacks. If an attack is detected, the IPS can stop (suspect) the "suspicious" packets, while the remaining network traffic can continue.

What is an Intrusion Detection System?

An IDS (Intrusion Detection System) is an automated system that detects unauthorized access to a network information system. Unauthorized access provides information about the confidentiality, integrity or information of information. This can range from hits by specialized hackers to script kiddies that are automated - and not used. This in combination with an Intrusion Prevention System (IPS) is an Intrusion Detection Prevention System (IDP).