Firewalls enforce access rules, but they cannot detect sophisticated attacks hiding within permitted traffic. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) fill this gap by analysing traffic patterns and payloads to identify malicious activity.
| Feature | IDS (Intrusion Detection) | IPS (Intrusion Prevention) |
|---|---|---|
| Mode | Passive — monitors a copy of traffic | Inline — sits directly in the traffic path |
| Action | Alerts only — does not block traffic | Blocks malicious traffic in real time |
| Risk | May miss attacks if alerts are ignored | May cause false positive disruptions |
| Latency | No impact on network performance | Slight increase due to inline processing |
| Deployment | Connected via TAP or SPAN port | Deployed inline between network segments |
IDS (Passive):

```
Traffic ─────────────▶ Destination
            │
            └──── Copy ────▶ IDS ──▶ Alert
```

IPS (Inline):

```
Traffic ──▶ IPS ──▶ Destination
             │
             ▼
        Block / Allow
```
Signature-based detection compares network traffic against a database of known attack signatures.
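
The passive/inline split from the table, combined with signature matching, as an added example (not part of the original lesson): a toy Python engine that applies the same signatures in IDS mode and in IPS mode. The signatures, packet fields and sample traffic are constructed for illustration; the third packet is benign and shows the false-positive disruption listed under Risk for an IPS.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    sid: int                        # constructed rule id
    name: str
    pattern: bytes                  # byte sequence searched for in the payload
    dst_port: Optional[int] = None  # None means any destination port

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed signatures, not taken from any real rule set.
SIGNATURES = [
    Signature(1001, "path traversal in HTTP request", b"../../", 80),
    Signature(1002, "SQL keyword pair in request", b"UNION SELECT"),
]

def match(packet, signatures=SIGNATURES):
    """Return every signature whose port (if set) and pattern match."""
    return [s for s in signatures
            if (s.dst_port is None or s.dst_port == packet.dst_port)
            and s.pattern.lower() in packet.payload.lower()]

def process(packets, mode):
    """mode='ids': alert only, every packet is still forwarded.
    mode='ips': alert and drop any packet that matches a signature."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    forwarded, alerts = [], []
    for p in packets:
        hits = match(p)
        alerts.extend((p.src, s.sid, s.name) for s in hits)
        if hits and mode == "ips":
            continue                # inline device drops the packet
        forwarded.append(p)
    return forwarded, alerts

# Constructed sample traffic.
TRAFFIC = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.9", 80, b"GET /../../etc/passwd HTTP/1.1"),
    # Benign: a wiki edit whose text happens to contain the pattern.
    Packet("10.0.0.7", 80, b"POST /wiki body=How UNION SELECT works in SQL"),
]
```

Both modes raise the same two alerts; only IPS mode changes what reaches the destination, and it drops the benign wiki edit along with the traversal request.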