IDSs and IPSs

Both intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) work by inspecting network traffic for attack patterns. When a pattern is identified, the system takes some administrator-defined action. The similarities end there; the differences begin with how each is positioned on the network.

An IDS sits on network segments, passively monitoring network traffic. An IPS sits inline on the network and, where necessary, drops or rewrites packets sent to a host that it protects.

Adapted from the book Assessing Network Security by Ben Smith, David LeBlanc, and Kevin Lam.
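The placement difference described above, shown as a small simulation. This is an added example, not code from the book: the `Signature` class, the `inspect` function, the three signatures and the sample packets are all constructed for illustration. The same signature match produces only an alert when the engine is passive, but changes what the protected host receives when the engine is inline.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes            # attack pattern searched for in the payload
    action: str               # administrator-defined: "alert", "drop" or "rewrite"
    replacement: bytes = b""  # used only by the "rewrite" action


# Constructed signatures, for illustration only.
SIGNATURES = [
    Signature("etc-passwd-read", b"/etc/passwd", "drop"),
    Signature("script-tag", b"<script>", "rewrite", b"[removed]"),
    Signature("telnet-banner", b"login:", "alert"),
]


def inspect(payload: bytes, inline: bool) -> Tuple[List[str], Optional[bytes]]:
    """Return (alerts, delivered): delivered is what the protected host
    receives, or None if the packet was dropped."""
    hits = [s for s in SIGNATURES if s.pattern in payload]
    alerts = [s.name for s in hits]
    if not inline:
        # Passive IDS: it inspects a copy, so the original is delivered untouched.
        return alerts, payload
    # Inline IPS: the packet passes through the engine, so actions take effect.
    if any(s.action == "drop" for s in hits):
        return alerts, None
    delivered = payload
    for s in hits:
        if s.action == "rewrite":
            delivered = delivered.replace(s.pattern, s.replacement)
    return alerts, delivered


if __name__ == "__main__":
    # Constructed sample traffic.
    packets = [b"GET /index.html", b"GET /../../etc/passwd", b"q=<script>x"]
    for mode, inline in (("IDS (passive)", False), ("IPS (inline)", True)):
        for p in packets:
            print(mode, p, "->", inspect(p, inline))
```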


