IDS and IPS Placement for Network protection by Robert Drum
By secgeek - Posted on June 4th, 2006
149
vote
Intrusion Detection and Intrusion Prevention Systems, IDS and IPS respectively, are mature network level defenses deployed in thousands of computer networks worldwide. The basic difference between the two technologies lies in how they provide protection for network environments.
Intrusion Detection Systems, IDS, analyze network traffic and generate alerts when malicious activity is discovered. They are generally able to reset TCP connections by issuing specially crafted packets after an attack begins and some are even able to interface with firewall systems to re-write firewall rulesets on the-fly. The limitation of Intrusion Detection Systems is that they cannot preempt network attacks because IDS sensors are based on packet sniffing technologies that only watch network traffic as it passes by.
http://www.infosecwriters.com/text_resources/pdf/IDS_Placement_RDrum.pdf
Bookmark/Search this post with:
Similar entries
- Open Source Intrusion Detection and Prevention: Tools for Today's Corporate Market? by Craig Gosselin
- Open Source Intrusion Detection and Prevention: Tools for Today's Corporate Market? by Craig Gosselin
- Detecting Intrusions with your Firewall Log and OsHids
- Honeypots Deployed by Eddie Bibbs
- Honeypots Deployed by Eddie Bibbs
Recent comments
30 weeks 5 days ago
33 weeks 2 days ago
1 year 2 weeks ago
1 year 2 weeks ago
1 year 2 weeks ago
1 year 18 weeks ago
1 year 34 weeks ago
2 years 25 weeks ago
2 years 26 weeks ago
2 years 28 weeks ago