Visit complete Cyber Security roadmap

← Back to Topics List

Basics of IDS and IPS

When it comes to cybersecurity, detecting and preventing intrusions is crucial for protecting valuable information systems and networks. In this section, we’ll discuss the basics of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to help you better understand their function and importance in your overall cybersecurity strategy.

What is Intrusion Detection System (IDS)?

An Intrusion Detection System (IDS) is a critical security tool designed to monitor and analyze network traffic or host activities for any signs of malicious activity, policy violations, or unauthorized access attempts. Once a threat or anomaly is identified, the IDS raises an alert to the security administrator for further investigation and possible actions.

There are two types of IDS:

  • Network-Based Intrusion Detection System (NIDS): This type of IDS is deployed on network devices such as routers, switches, or firewalls to monitor and analyze the traffic between hosts within the network.

  • Host-Based Intrusion Detection System (HIDS): This type of IDS is installed on individual hosts, such as servers or workstations, to monitor and analyze the activities on that specific host.

What is Intrusion Prevention System (IPS)?

An Intrusion Prevention System (IPS) is an advanced security solution closely related to IDS. While an IDS mainly focuses on detecting and alerting about intrusions, an IPS takes it a step further and actively works to prevent the attacks. It monitors, analyzes, and takes pre-configured automatic actions based on suspicious activities, such as blocking malicious traffic, reseting connections, or dropping malicious packets.

There are two types of IPS:

  • Network-Based Intrusion Prevention System (NIPS): This type of IPS is deployed in-line with network devices and closely monitors network traffic, making it possible to take actions in real-time.

  • Host-Based Intrusion Prevention System (HIPS): This type of IPS is installed on individual hosts and actively prevents attacks by controlling inputs and outputs on the host, restricting access to resources, and making use of application-level controls.

Key Takeaways

  • IDS and IPS are essential components of a robust cybersecurity strategy.
  • IDS focuses on detecting and alerting about potential intrusions, while IPS takes it further by actively preventing and mitigating attacks.
  • Network-based systems protect networks, while host-based systems protect individual hosts within a network.
  • Regularly updating and configuring IDS/IPS is necessary to continually defend against evolving threats.

By understanding the basics of IDS and IPS, you can better evaluate your security needs and take the right steps to protect your network and hosts from potential intruders.

Found any mistakes? Help us improve by updating the file here..

Community

roadmap.sh is the 6th most starred project on GitHub and is visited by hundreds of thousands of developers every month.

241K GitHub Stars Join on Discord

Roadmaps Best Practices Guides Videos Store YouTube

roadmap.sh by Kamran Ahmed

Community created roadmaps, articles, resources and journeys to help you choose your path and grow in your career.

© roadmap.sh · FAQs · Terms · Privacy

ThewNewStack

The leading DevOps resource for Kubernetes, cloud-native computing, and the latest in at-scale development, deployment, and management.

DevOps · Kubernetes · Cloud-Native