Below I show the differences between an IPS and an IDS. The most important one is that an IPS can stop attacks in real time, while an IDS cannot.

This is because the IPS is deployed in inline mode, while the IDS monitors the network in passive mode, also known as promiscuous mode. Both use the same technology.

IDS

Benefits: There is no impact on network traffic flow if the sensor fails, and the sensor adds no network delay. The monitored traffic is a copy of the real traffic.

Drawbacks: It can't stop packets that fire signatures. It is more exposed to sensor-avoidance techniques. Correct signature tuning is needed.

IPS

Benefits: It can stop packets that fire signatures in real time, even single-packet attacks. It can use network normalization techniques.

Drawbacks: Sensor problems adversely affect network performance. Overload, sensor failure, or even an excess of enabled signatures can delay network traffic or stop it altogether.
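The two deployment modes can be compared side by side in a small simulation, added here as an example and not part of the original post. The signature, the sample requests and the assumption that the inline sensor has no bypass path are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed signature and traffic, for illustration only.
SIGNATURES = {"sig-1001 path traversal": re.compile(rb"\.\./\.\./")}
TRAFFIC = [
    b"GET /index.html HTTP/1.1",
    b"GET /../../etc/passwd HTTP/1.1",   # single-packet attack
    b"GET /about.html HTTP/1.1",
]

@dataclass
class Sensor:
    healthy: bool = True
    alerts: list = field(default_factory=list)

    def inspect(self, packet: bytes) -> bool:
        """Return True if any signature fires; raise if the sensor is down."""
        if not self.healthy:
            raise RuntimeError("sensor down")
        fired = [name for name, rx in SIGNATURES.items() if rx.search(packet)]
        self.alerts.extend(fired)
        return bool(fired)

def promiscuous(sensor, packets):
    """IDS: the network forwards every packet; the sensor only sees a copy."""
    delivered = []
    for pkt in packets:
        delivered.append(pkt)            # forwarding never waits for the sensor
        try:
            sensor.inspect(bytes(pkt))   # analysis of the mirrored copy
        except RuntimeError:
            pass                         # sensor failure: traffic unaffected, no alerts
    return delivered

def inline(sensor, packets):
    """IPS: every packet must pass through the sensor to be forwarded."""
    delivered = []
    for pkt in packets:
        try:
            if sensor.inspect(pkt):
                continue                 # signature fired: dropped before delivery
        except RuntimeError:
            continue                     # assumed no bypass: failed sensor stops traffic
        delivered.append(pkt)
    return delivered
```

Running both functions over `TRAFFIC` shows the same alert in each mode, but only `inline` keeps the offending request from being delivered, and only `inline` delivers nothing when the sensor is marked unhealthy.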

The best way to understand how sensors are deployed is with a single picture:
