Intrusion Detection Systems and Intrusion Prevention Systems
A controlled network border sentry device like a firewall filters any traffic attempting to cross. Not all traffic that needs monitoring crosses a network border guarded by a firewall. That’s where an IDS is valuable. An IDS or an IPS monitors internal hosts or networks, watching for symptoms of compromise or intrusion. Effectively, an IDS is a form of burglar alarm that detects when an attack is occurring within the network.
An IDS serves as a companion mechanism to a firewall. Once an IDS detects an intruder, it can send commands or requests to the firewall to break a connection, block an IP address, or block a port or protocol. You must configure the firewall to receive these ...
Get Network Security, Firewalls, and VPNs, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.