Intrusion Detection Systems and Intrusion Prevention Systems

A controlled network border sentry device like a firewall filters any traffic attempting to cross. Not all traffic that needs monitoring crosses a network border guarded by a firewall. That’s where an IDS is valuable. An IDS or an IPS monitors internal hosts or networks, watching for symptoms of compromise or intrusion. Effectively, an IDS is a form of burglar alarm that detects when an attack is occurring within the network.

An IDS serves as a companion mechanism to a firewall. Once an IDS detects an intruder, it can send commands or requests to the firewall to break a connection, block an IP address, or block a port or protocol. You must configure the firewall to receive these ...

Get Network Security, Firewalls, and VPNs, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.