Intrusion Detection & Prevention (IDPS)

Intrusion detection and prevention systems inspect network or host activity, keep records of it, and look for signs of intrusions and attacks. Detection and prevention can be deployed separately or together, though deploying both is usually more beneficial because network security needs both visibility and response. Over time, intrusion detection systems (IDS), which watch traffic out of band and raise alerts, and intrusion prevention systems (IPS), which sit inline and can block, have merged into combined intrusion detection and prevention systems (IDPS).

IDS

Intrusion detection systems monitor network traffic, record what they see in logs, and study those records for patterns. An IDS is known for its ability to analyze network activity and flag unusual behavior: it watches for traffic patterns characteristic of worms, scans, or other attacks and alerts IT teams or administrators to suspicious activity. An IDS can also be given a baseline of what normal traffic looks like on each network segment; its anomaly detection feature then flags activity that does not fit that baseline.

Signature-based detection works the other way around: the IDS is given records of what known intrusions look like, called intrusion signatures, and checks new traffic against them. A network IDS sees that traffic from a mirror port or network tap, while a host-based IDS reads the host's own log files. This is also an intrusion detection system's weakness: a signature can only describe an attack that has already been seen, and because an IDS sits out of band and only alerts, the traffic it flags has already reached its destination by the time anyone reads the alert.

IDS products come in different tiers and at different prices, as software or as a dedicated hardware appliance.

IPS

Intrusion prevention systems sit inline: they analyze network traffic, filter requests, and allow or block each one according to their rules. An IPS is more proactive than an IDS because it can act on what it sees rather than only report it. It can also overwhelm IT teams, because a poorly tuned IPS raises an alert (or blocks) on every strange-looking activity, innocuous or not. If an IPS cannot interpret network activity well, humans will find it almost impossible to sort through the resulting barrage of alerts.

Intrusion prevention systems are prone to false positives and false negatives: a false positive blocks a legitimate packet that merely looks suspicious, and a false negative lets malicious traffic through. Machine learning in an IPS can improve accuracy if the model learns the network's normal patterns well enough to separate true problems from benign oddities, and more advanced automation can reduce both kinds of error. In practice, security teams still need to refine rules so they do not trigger false or insignificant alerts, and to measure each rule against known traffic before trusting it to block.
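The following Python script is an added example, not code from the original article or from any IDS/IPS product. It ties together the signature-based and anomaly-based detection described under IDS above and the false-positive/false-negative tuning described in this section: a coarse SQL-injection signature is scored against a small set of constructed HTTP request lines, then replaced by a refined one, and a connection-count baseline is learned from a constructed quiet period and used to flag a port-sweeping host. The request lines, the key=value log format, the rule names, and all IP addresses are assumptions made for the illustration.

```python
"""Signature matching, anomaly baselining, and false-positive/false-negative
scoring over constructed sample traffic.  Added illustration, not code from
the original article; the log format, rule names, and addresses are
assumptions."""
import re
import statistics
from collections import Counter

# --- Constructed sample requests -----------------------------------------
# (source IP, HTTP request line, ground truth: True = attack).  The label is
# only used by the scorer, never by the detector.
SAMPLE_REQUESTS = [
    ("10.0.0.5",  "GET /index.html HTTP/1.1", False),
    ("10.0.0.5",  "GET /login?user=admin HTTP/1.1", False),
    ("10.0.0.7",  "GET /search?q=' OR 1=1 -- HTTP/1.1", True),
    ("10.0.0.9",  "GET /wiki/Administration HTTP/1.1", False),
    ("10.0.0.9",  "GET /docs/select_from_menu HTTP/1.1", False),
    ("10.0.0.12", "GET /item?id=1 UNION SELECT password FROM users HTTP/1.1", True),
]

# Two signature sets for the same threat (SQL injection).  COARSE_RULES is a
# first draft that fires on harmless words; TUNED_RULES is the refined set.
COARSE_RULES = {"sqli-coarse": re.compile(r"(?i)admin|select")}
TUNED_RULES = {
    "sqli-union": re.compile(r"(?i)\bunion\s+(all\s+)?select\b"),
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+1\s*=\s*1"),
}


def signature_matches(rules, request_line):
    """Names of every rule whose pattern appears in the request line."""
    return [name for name, pat in rules.items() if pat.search(request_line)]


def disposition(hits, inline):
    """An out-of-band IDS only alerts; an inline IPS can block the request."""
    if not hits:
        return "allow"
    return "block" if inline else "alert"


def score_rules(rules, labelled_requests):
    """Count true/false positives and negatives for a rule set."""
    counts = Counter()
    for _src, line, is_attack in labelled_requests:
        hit = bool(signature_matches(rules, line))
        if hit and is_attack:
            counts["true_positive"] += 1
        elif hit and not is_attack:
            counts["false_positive"] += 1   # legitimate request would be blocked
        elif not hit and is_attack:
            counts["false_negative"] += 1   # attack passes unnoticed
        else:
            counts["true_negative"] += 1
    return dict(counts)


# --- Anomaly detection against a learned baseline -------------------------
# Connections per source host during a quiet period (constructed), used to
# learn what "normal" looks like on this segment.
BASELINE_CONNECTIONS = {"10.0.0.5": 12, "10.0.0.7": 9, "10.0.0.8": 15,
                        "10.0.0.9": 11, "10.0.0.12": 13}

# Constructed current window in a key=value log format (an assumption):
# three hosts behaving normally plus one host sweeping ports 1-240.
CURRENT_WINDOW_LOG = (
    ["src=10.0.0.5 dst=10.0.1.20 dport=443"] * 14
    + ["src=10.0.0.9 dst=10.0.1.20 dport=443"] * 10
    + ["src=10.0.0.8 dst=10.0.1.20 dport=22"] * 17
    + [f"src=10.0.0.21 dst=10.0.1.20 dport={p}" for p in range(1, 241)]
)


def count_connections(log_lines):
    """Connections per source host, parsed from the src= field."""
    counts = Counter()
    for line in log_lines:
        m = re.search(r"\bsrc=(\S+)", line)
        if m:
            counts[m.group(1)] += 1
    return counts


def connection_threshold(baseline, sigmas=3.0):
    """Mean plus `sigmas` standard deviations of the baseline counts."""
    values = list(baseline.values())
    return statistics.mean(values) + sigmas * statistics.pstdev(values)


def anomalous_hosts(observed, threshold):
    """Hosts whose count in the current window exceeds the baseline threshold."""
    return sorted(host for host, n in observed.items() if n > threshold)


if __name__ == "__main__":
    for name, rules in (("coarse", COARSE_RULES), ("tuned", TUNED_RULES)):
        print(name, score_rules(rules, SAMPLE_REQUESTS))
    for _src, line, _label in SAMPLE_REQUESTS:
        hits = signature_matches(TUNED_RULES, line)
        print(disposition(hits, inline=True), hits, line)
    threshold = connection_threshold(BASELINE_CONNECTIONS)
    print("threshold", threshold, "anomalous",
          anomalous_hosts(count_connections(CURRENT_WINDOW_LOG), threshold))
```

On this sample the coarse rule produces three false positives (the words "admin" and "select" appear in ordinary URLs) and one false negative (the tautology injection contains neither word), while the tuned rules catch both injections with no false positives. The baseline gives a threshold of 18 connections, so the sweeping host is flagged and the busiest normal host, at 17, is not. The scoring step is the part worth keeping in a real deployment: run every new signature against traffic whose verdict is already known before letting an inline IPS block on it.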

Intrusion prevention systems can be network-based or host-based. A network-based IPS sits inline at a chokepoint, often next to the firewall, and monitors the traffic passing through it. A host-based IPS runs as an agent on a server or other endpoint and watches that host's own activity.

Using both intrusion detection and prevention systems (IDPS)

As noted above, intrusion detection and prevention are often bundled, though they can be implemented as separate solutions. They are more effective together. Detecting abnormal activity in an application's log file does little good if the system cannot act to track and stop an intruder, and without something monitoring all of the network traffic, a prevention system cannot locate malicious activity as effectively. IDPS is not a complete answer to network security, but if you plan to deploy one of the two, it is best to deploy both.






Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.
