Intrusion Detection vs. Intrusion Prevention
Thursday, August 20th, 2009 | Author:

Q. What is the difference between Intrusion Detection Systems and Intrusion Prevention Systems?

A. That is actually a very good question. These terms are often used interchangeably, but they should not be. An Intrusion Detection System, or IDS as it is more commonly known, is just that: a detection system. An IDS is usually signature based and monitors all traffic going into and leaving a network. This piece of equipment is usually placed between your router and a home computer. An IDS looks at every packet, or piece of information, coming into and going out of your network to see if it matches a signature (behavior that looks like an attack), and then it alerts you that an attack is taking place. An IDS does nothing but monitor traffic and alert you if something doesn’t look right; it is then your responsibility to act on that alert.

Intrusion Prevention Systems are identical to an IDS except that an IPS will take action against a suspected attack. The monitoring and the alerting are still the same on an IPS, but different reactions can be configured to actively stop an attack in progress, such as closing the port, blocking a port, and even adding rules to block IP addresses.

I hope this helps answer your question and if you have any more questions please feel free to email me at mwalton@mikenetpc.com

Category: Questions