Intrusion Detection / Prevention

Intrusion Detection and Prevention (IDP)

This is a combination of intrusion detection and intrusion prevention.
In popular nomenclature, the term Intrusion Detection Systems (IDS) is often confused for IDP. Strictly speaking, IDS refers to an application that recognizes that an attack is taking place. IPS (Intrusion Prevention System) refers to an application that takes steps to prevent network attacks based on data gathered by an IDS.


Intrusion Detection System (IDS)

An application designed to detect network-based attacks, such as Denial of Service (DoS) attacks. Once an attack is detected, attack details are logged and the system administrator is notified. The term is often misused to describe both detection and prevention. However, in its purest form, IDS is about detecting attacks not preventing them.


Intrusion Prevention System (IPS)

An application designed to prevent network-based attacks, such as Denial of Service (DoS) attacks. Once an Intrusion Detection System (IDS) detects an attack, an IPS takes action to stop the current attack and to prevent future ones. Actions can include terminating offending connections and reconfiguring firewalls to intercept the attack. An array of point technologies, ranging from stateful inspection firewalls to signature-matching AV, inline network-based IDS sensors and anomaly/traffic-flow monitors, works in concert to inspect traffic at various points of the network for malicious activity. Suspicious traffic can be blocked by firewalls, redirected to honeypots, or both.
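The IDS/IPS split described above, as an added example that is not part of the original page: a sliding-window connection-rate detector plays the IDS role (it only produces alerts) and a separate responder plays the IPS role (it turns alerts into block actions). The flow records, the 5-connections-per-2-seconds threshold and the action string format are all constructed assumptions for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (timestamp in seconds, source IP, destination port).
# 198.51.100.7 opens six connections in under a second (flood-like);
# 192.0.2.9 connects regularly but slowly; 203.0.113.5 is ordinary traffic.
FLOWS = [
    (0.0, "203.0.113.5", 443),
    (0.1, "198.51.100.7", 80),
    (0.2, "198.51.100.7", 80),
    (0.3, "198.51.100.7", 80),
    (0.4, "198.51.100.7", 80),
    (0.5, "198.51.100.7", 80),
    (0.6, "198.51.100.7", 80),
    (1.0, "192.0.2.9", 22),
    (3.5, "192.0.2.9", 22),
    (5.0, "203.0.113.5", 443),
    (6.0, "192.0.2.9", 22),
]

THRESHOLD = 5    # assumed: alert when a source opens this many connections ...
WINDOW = 2.0     # ... within this many seconds


def detect(flows, threshold=THRESHOLD, window=WINDOW):
    """IDS role: inspect flows and return alerts; never blocks anything.

    Keeps, per source, a deque of recent connection timestamps; entries older
    than `window` are dropped so the count is a true sliding window. Each
    source is reported once, the first time it crosses the threshold.
    """
    recent = defaultdict(deque)
    flagged = set()
    alerts = []
    for ts, src, dport in flows:
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append({"time": ts, "src": src, "dport": dport,
                           "count": len(q), "reason": "connection flood"})
    return alerts


def respond(alerts):
    """IPS role: turn IDS alerts into actions (here, a block decision per source)."""
    return [f"block src {a['src']} (reason: {a['reason']} at t={a['time']})"
            for a in alerts]
```

Running `respond(detect(FLOWS))` yields a single block action for 198.51.100.7; the slow, regular source never accumulates enough connections inside the window to trigger an alert.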


Numerous, diverse solutions exist in this space, including offerings by Fortinet, ISS, Juniper, and Symantec.