O'Reilly logo

Learning Network Forensics by Samir Datt

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Differentiating between NIDS and NIPS

At first sight, both the solutions seem quite similar; however, there is a clear difference in that one is a passive monitoring and detection system that limits itself to raising an alarm at an anomaly or signature match, and the other is an active prevention system that takes proactive action when detecting a malicious packet by dropping it.

Usually, a NIPS is inline (between the firewall and rest of the network) and takes proactive action based on the set of rules provided to it. In the case of a NIDS, the device/computer is usually not inline but may get mirrored traffic from a network tap or mirrored port.

The network overhead in the case of a NIPS is more than that of a NIDS.

Another issue with a NIDS is ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required