An Intrusion Detection System (IDS) is a detective device designed to detect malicious (including policy-violating) actions. An Intrusion Prevention System (IPS) is primarily a preventive device designed not only to detect but also to block malicious actions.
Depending on their physical location in the infrastructure and the scope of protection required, IDSs and IPSs fall into two basic types: network-based and host-based. Both have the same function, and the specific type deployed depends on strategic considerations.
WHY ARE IDS AND IPS SYSTEMS NECESSARY?
IDS and IPS devices employ technology that analyses traffic flows to the protected resource in order to detect and prevent exploits or other vulnerability issues.
These exploits can manifest themselves as ill-intended interactions with a targeted application or service. The goal is to interrupt and gain control of an application or a machine, thus enabling the attacker to disable the target, resulting in a denial-of-service situation, or to gain access to rights and permissions available through the target.