4- Securying Your Network Flashcards
1
Q
IDSs (Intrusion Detection Systems) and IPSs (Intrusion Prevention Systems)
A
An IDS is a detective control that attempts to detect attacks after they occur. In contrast, a firewall is a preventative control that attempts to prevent the attacks before they occur. An IPS is a preventative control that will stop an attack in progress.
The primary types of IDSs you’ll see are host-based IDSs (HIDSs) and network-based IDSs (NIDSs). Each of these IDSs detect attacks either through predefined attack signatures or by detecting anomalies. Once an attack occurs, an IDS can respond either passively or actively. An IPS responds actively to prevent the attack.