Intrusion detection system (IDS)
R3zk0n · October 2, 2025
- An IDS is a passive system designed to identify when a network breach or attack against the network is occurring.
- Usually designed to inform a network administrator when a breach or attack has occurred through log files, SMS, and/or an email notification.
- An IDS cannot prevent or stop a breach or attack on its own.
- It receives a copy of all traffic and evaluates it against a set of standards:
  - Signature based: evaluates network traffic for known malware or attack signatures.
  - Anomaly based: evaluates network traffic for suspicious changes.
  - Policy based: evaluates network traffic against a specific declared security policy.
- May be deployed at the host level.
  - Host-based intrusion detection system (HIDS).
Intrusion prevention system (IPS)
- An IPS is an active system designed to stop a breach or attack from succeeding in damaging the network.
- Usually designed to perform an action or set of actions to stop the malicious activity.
- Will inform a network administrator through the use of log files, SMS, and/or email notification.
- All traffic on the network segment flows through the IPS to either enter or leave the segment.
- Like the IDS, all traffic is evaluated against a set of standards.
- The best placement on the network is between a router (with a firewall) and the destination network segment.
- It is programmed to make an active response to the situation.
  - Block the offending IP address.
  - Close down the vulnerable interface.
  - Terminate the network session.
  - Redirect the attack.
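The following is an added example, not code from the original post, that puts the three evaluation standards (signature, anomaly, policy) and the IDS-versus-IPS distinction side by side. The same evaluation logic runs in both modes; the only difference is that the passive IDS can merely log a finding, while the inline IPS returns an action (block the source IP, terminate the session, or drop the packet) and then refuses further traffic from a blocked source. The signatures, policy table, anomaly threshold, IP addresses and packet payloads are all constructed sample data, and the `Packet`, `Verdict`, `Sensor` and `run` names are this example's own, not those of any real IDS or IPS product.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port
    payload: bytes  # application data (constructed, not a real capture)


@dataclass
class Verdict:
    src: str
    alerts: list    # e.g. ["signature:sig-001"]
    action: str     # "pass", "log", "drop", "block_ip", "terminate_session"


# Constructed signatures: byte patterns standing in for known attack signatures.
SIGNATURES = {
    "sig-001": b"../../etc/passwd",  # path-traversal probe (constructed sample)
    "sig-002": b"' OR 1=1",           # SQL-injection probe (constructed sample)
}

# Constructed declared policy: which destination ports each server may receive.
POLICY = {
    "10.0.0.5": {80, 443, 8080, 8443},  # web server
    "10.0.0.6": {22},                   # bastion host, SSH only
}

# Anomaly rule: one source touching more distinct ports than this is a suspicious change.
ANOMALY_PORT_THRESHOLD = 3


def signature_check(pkt, signatures=SIGNATURES):
    """Signature based: report every known pattern found in the payload."""
    return [sid for sid, pattern in signatures.items() if pattern in pkt.payload]


def policy_check(pkt, policy=POLICY):
    """Policy based: flag traffic the declared policy does not permit."""
    allowed = policy.get(pkt.dst)
    if allowed is None:
        return f"policy:unknown-host:{pkt.dst}"
    if pkt.dport not in allowed:
        return f"policy:port-{pkt.dport}-not-allowed-on-{pkt.dst}"
    return None


class AnomalyTracker:
    """Anomaly based: remember the ports each source has touched and flag sudden spread."""

    def __init__(self, threshold=ANOMALY_PORT_THRESHOLD):
        self.threshold = threshold
        self.ports_seen = defaultdict(set)

    def check(self, pkt):
        self.ports_seen[pkt.src].add(pkt.dport)
        seen = len(self.ports_seen[pkt.src])
        return f"anomaly:{pkt.src}-touched-{seen}-ports" if seen > self.threshold else None


class Sensor:
    """mode="ids": sees a copy of traffic and can only log.
    mode="ips": sits inline, so every packet passes through it and may be acted on."""

    RESPONSES = {"signature": "block_ip", "anomaly": "terminate_session", "policy": "drop"}

    def __init__(self, mode):
        assert mode in ("ids", "ips")
        self.mode = mode
        self.anomaly = AnomalyTracker()
        self.blocked_ips = set()
        self.log = []  # stands in for the log file / SMS / email notification channel

    def evaluate(self, pkt):
        # Inline IPS: a source that was already blocked never reaches the segment.
        if self.mode == "ips" and pkt.src in self.blocked_ips:
            return Verdict(pkt.src, ["blocked-source"], "drop")

        alerts = [f"signature:{sid}" for sid in signature_check(pkt)]
        alerts += [f for f in (self.anomaly.check(pkt), policy_check(pkt)) if f]
        if not alerts:
            return Verdict(pkt.src, [], "pass")

        self.log.append((pkt.src, alerts))
        if self.mode == "ids":
            return Verdict(pkt.src, alerts, "log")  # passive: detect and notify only

        # IPS: respond with the strongest action among the categories that fired.
        kinds = {a.split(":")[0] for a in alerts}
        action = next(self.RESPONSES[k] for k in ("signature", "anomaly", "policy") if k in kinds)
        if action == "block_ip":
            self.blocked_ips.add(pkt.src)
        return Verdict(pkt.src, alerts, action)


# Constructed sample traffic: one benign client, one signature hit, one policy
# violation (telnet to the SSH-only bastion) and one source sweeping many ports.
SAMPLE_TRAFFIC = [
    Packet("192.0.2.10", "10.0.0.5", 443, b"GET /index.html"),
    Packet("192.0.2.10", "10.0.0.5", 80, b"GET /../../etc/passwd"),
    Packet("192.0.2.10", "10.0.0.5", 443, b"GET /again"),
    Packet("192.0.2.20", "10.0.0.6", 23, b"telnet hello"),
    Packet("192.0.2.30", "10.0.0.5", 80, b"a"),
    Packet("192.0.2.30", "10.0.0.5", 443, b"b"),
    Packet("192.0.2.30", "10.0.0.5", 8080, b"c"),
    Packet("192.0.2.30", "10.0.0.5", 8443, b"d"),
]


def run(mode, traffic=SAMPLE_TRAFFIC):
    """Feed the sample traffic through a fresh sensor and return one Verdict per packet."""
    sensor = Sensor(mode)
    return [sensor.evaluate(p) for p in traffic]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode.upper(), [v.action for v in run(mode)])
```

Running it shows the difference the post describes: the IDS emits `log` for the signature hit, the policy violation and the port sweep but lets every packet through, whereas the IPS answers `block_ip`, `drop` and `terminate_session` respectively, and the third packet from the blocked source is dropped before evaluation because the sensor is in the traffic path. The response mapping and the port-count anomaly rule are deliberately simple; a production sensor would tune thresholds per segment and usually keep the "block the IP" response behind an allow-list so a spoofed source cannot get a legitimate host blocked.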