Friday, February 28, 2020

Comparison between IPS and IDS

New Generation IPS

Today's networks change constantly: new technologies, devices and systems keep emerging, which increases exposure to improved techniques for violating information security. This demonstrates the need for mechanisms with some intelligence to cope with those techniques, and it has promoted the development of New Generation IPS.

A New Generation IPS must meet the following requirements:


  • Always Online: never hinder or interrupt the operation of a network.
  • Application Awareness: ability to identify applications and implement network security policies at the application layer.
  • Context Awareness: threat detection and response decisions must be based on a complex analysis of the circumstances surrounding a specific attack, so that the priority of the response the team must give to an imminent threat can be determined automatically.
  • Content Awareness: must be able to inspect and classify the types of files carried in data packets.
  • Agility: must be able to incorporate new feedback mechanisms to face future threats.

This new generation of IPS can have visibility into the behavior of the network, the profiles of the equipment within the communication infrastructure, and the identity of the users and the applications in use, so that this information serves as input to an automatic tuning process.

Comparison between IPS and IDS

  • Both the IDS (Intrusion Detection System) and the IPS (Intrusion Prevention System) increase network security by monitoring traffic and examining and analyzing packets for suspicious data. Both systems base their detections mainly on signatures already detected and recognized.
  • The main difference between an IDS and an IPS is the type of action they take on detecting an attack in its early stages (network analysis and port scanning):
  • The IDS provides the network with a degree of security of a preventive nature in the face of any suspicious activity, and achieves its objective through early warnings addressed to system security administrators. However, unlike the IPS, it is not designed to stop attacks.
  • The IPS is a device that exercises access control in a network to protect computer systems from attacks and abuses. It is designed to analyze the attack data and act accordingly, stopping the attack while it is in progress and before it succeeds.
  • Combining both network-based and host-based intrusion detection and prevention systems is essential for good computer security health. None of the models presented is necessarily exclusive; on the contrary, they should be treated as complementary according to the need and criticality of protection required by a business.
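
The IDS/IPS difference described above, as an added example that is not part of the original post: one port-scan signature is run over constructed sample events, once in IDS mode (alert only) and once in IPS mode (alert and drop). The threshold, time window, addresses and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample traffic: (timestamp_seconds, source_ip, destination_port).
# Documentation-range addresses: 198.51.100.7 sweeps ports, 192.0.2.10 is normal.
EVENTS = [
    (0.0, "192.0.2.10", 443),
    (0.1, "198.51.100.7", 21),
    (0.2, "198.51.100.7", 22),
    (0.3, "198.51.100.7", 23),
    (0.4, "198.51.100.7", 25),
    (0.5, "192.0.2.10", 443),
    (0.6, "198.51.100.7", 80),
    (0.7, "198.51.100.7", 443),
    (9.0, "192.0.2.10", 80),
]

def inspect(events, mode, max_ports=4, window=5.0):
    """Apply one scan signature; mode is "ids" (alert) or "ips" (alert and drop).

    Returns (alerts, forwarded, dropped). max_ports and window are assumed values.
    """
    recent = defaultdict(deque)    # source -> (time, port) pairs inside the window
    alerted, blocked = set(), set()
    alerts, forwarded, dropped = [], [], []
    for ts, src, port in events:
        if src in blocked:         # only an inline IPS can discard traffic
            dropped.append((ts, src, port))
            continue
        seen = recent[src]
        seen.append((ts, port))
        while ts - seen[0][0] > window:   # expire observations older than window
            seen.popleft()
        if len({p for _, p in seen}) >= max_ports and src not in alerted:
            alerted.add(src)
            alerts.append((ts, src))      # both IDS and IPS raise the warning
            if mode == "ips":             # the IPS also stops the source
                blocked.add(src)
                dropped.append((ts, src, port))
                continue
        forwarded.append((ts, src, port))
    return alerts, forwarded, dropped

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded, dropped = inspect(EVENTS, mode)
        print(mode, "alerts:", alerts, "forwarded:", len(forwarded),
              "dropped:", len(dropped))
```

Both modes raise the same alert at the fourth distinct port; in IDS mode every packet still reaches its destination, while in IPS mode the triggering packet and the rest of the sweep are dropped and the normal host is unaffected.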


