What are network intrusions?
Before we can get to explaining what IDS and IPS technologies are, it’s important to outline what network intrusions are and what types of vulnerabilities can allow network intrusions. A network intrusion is an event that compromises the security of a device or system; essentially, any unauthorized activity in a network can be described as a network intrusion. Typically, the goal of a network intrusion is to steal network resources or to gain unauthorized access to data. Network intrusions are often caused by social engineering attacks, malware, outdated software, etc. The best way to protect your systems from network intrusions is to utilize IDS and IPS.
What is an IDS?
IDS stands for intrusion detection system. It is a technology used to detect network intrusions as they are happening by analyzing network traffic patterns. An IDS only alerts the administrator to suspicious activity; it does not have any impact on data flow.
How does an IDS work?
IDS products most commonly rely on three types of technology. Signature-based IDS looks for network patterns that are known to be caused by malware and other intrusions. Anomaly-based IDS uses machine learning to detect previously unknown attacks, such as attacks by newly developed malware. Reputation-based IDS analyzes the reputation of a given file and alerts the administrator to suspicious files.
What is an IPS?
IPS stands for intrusion prevention system. It is a technology used to detect and prevent security threats to your networks and systems. While an IDS only detects threats without doing anything about them, an IPS can take automated actions on the traffic that goes through the network.
How does an IPS work?
The principle of IPS operation is simple: it scans all the traffic in the network and then identifies and prevents viruses, worms, DDoS attacks and other vulnerability exploits. When a network intrusion is detected, an IPS can block the IP address or user account associated with the intrusion, reprogram the firewall to detect and prevent the type of attack from happening again, remove malicious files and information left after an attack, etc.
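The difference between the two modes can be seen by running the same signature-based sensor over the same traffic twice. This is an added example, not code from any IDS or IPS product; the Sensor class, the two signatures and the sample traffic are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed signatures for illustration; real rule sets are far larger.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-tautology": re.compile(rb"(?i)'\s*or\s+1\s*=\s*1"),
}

@dataclass
class Sensor:
    mode: str                      # "ids" (alert only) or "ips" (alert and block)
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)

    def match(self, payload):
        """Return the name of the first signature found in the payload, or None."""
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                return name
        return None

    def process(self, src_ip, payload):
        """Return True if the packet is forwarded, False if it is dropped."""
        if self.mode == "ips" and src_ip in self.blocked:
            return False           # source already blocked by an earlier detection
        hit = self.match(payload)
        if hit is None:
            return True
        self.alerts.append((src_ip, hit))
        if self.mode == "ips":
            self.blocked.add(src_ip)   # automated action: block the source address
            return False
        return True                # IDS: alert raised, data flow untouched

def run(mode, traffic):
    """Feed (source IP, payload) pairs through a fresh sensor in the given mode."""
    sensor = Sensor(mode)
    forwarded = [sensor.process(ip, data) for ip, data in traffic]
    return sensor.alerts, forwarded

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    ("192.0.2.10", b"GET /index.html HTTP/1.1"),
    ("198.51.100.7", b"GET /../../etc/passwd HTTP/1.1"),
    ("198.51.100.7", b"GET /about.html HTTP/1.1"),
    ("203.0.113.5", b"GET /item?id=1' OR 1=1-- HTTP/1.1"),
]
```

Both modes raise the same two alerts. In "ids" mode every packet is still forwarded, while in "ips" mode the matching packets and the later request from the blocked address are dropped.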
Frequently asked questions about IDS and IPS technologies
What types of IDS are there?
There are two types of intrusion detection systems: host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS).
What types of IPS are there?
The four most common types of IPS include wireless, host-based, network behavior and network-based intrusion prevention systems.
Are there any products that combine IDS and IPS functionality?
Yes, there are lots of software options that combine IDS and IPS for better protection. There are many Unified Threat Management systems and Next-Generation Firewalls that have both IDS and IPS functions.