504 Views | 9 Helpful | 4 Replies

IDS and IPS?

iqbalkhan
Level 1

Hi

I was previously using a 4215 IDS in my network.

My question is: what is the basic difference between an IDS and an IPS? Why would I use an IPS in place of an IDS, and what are the key points and benefits?

Thanks

biplob

4 Replies

edwakim
Cisco Employee

Hi,

Here are the definitions from the IPS 5.1 guide.

Understanding Promiscuous Mode (IDS)

In promiscuous mode, packets do not flow through the sensor. The sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the sensor does not affect the packet flow with the forwarded traffic. The disadvantage of operating in promiscuous mode, however, is the sensor cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks). The response actions implemented by promiscuous sensor devices are post-event responses and often require assistance from other networking devices, for example, routers and firewalls, to respond to an attack. While such response actions can prevent some classes of attacks, in atomic attacks the single packet has the chance of reaching the target system before the promiscuous-based sensor can apply an ACL modification on a managed device (such as a firewall, switch, or router).

Understanding Inline Interface Mode (IPS)

Operating in inline interface mode puts the IPS directly into the traffic flow and affects packet-forwarding rates making them slower by adding latency. This allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service. Not only is the inline device processing information on layers 3 and 4, but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks (layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that would normally pass through a traditional firewall device.

In inline interface mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7d.html#wp1033759

Hope this helps.

Edward
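To make the two definitions above concrete, here is an added simulation, not code from the IPS 5.1 guide or from Cisco. It models a promiscuous sensor that only sees a SPAN copy after the managed device has already forwarded the packet, and an inline sensor that sits in the forwarding path and can deny a packet before it leaves the second interface of the pair. The signatures, addresses and traffic are constructed for the demo and are not real Cisco signature IDs.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# A packet is a plain dict; a signature is a predicate over a packet.
Packet = dict
Signature = Callable[[Packet], bool]

# Constructed signatures for the demo (not real Cisco signature IDs).
SIGNATURES: Dict[str, Signature] = {
    # Atomic attack: a single HTTP request carrying a SQL injection payload.
    "http-sqli-payload": lambda p: b"' OR 1=1" in p["payload"],
    # Multi-packet attack: repeated SYNs from one (constructed) source address.
    "syn-flood-source": lambda p: p["flags"] == "S" and p["src"] == "10.0.0.99",
}


def is_malicious(pkt: Packet) -> bool:
    return any(sig(pkt) for sig in SIGNATURES.values())


@dataclass
class Target:
    """The protected host; records every packet that actually reaches it."""
    received: List[Packet] = field(default_factory=list)


@dataclass
class ManagedDevice:
    """Router/firewall in the forwarding path that accepts ACL pushes from the sensor."""
    blocked_srcs: set = field(default_factory=set)

    def forward(self, pkt: Packet, target: Target) -> bool:
        if pkt["src"] in self.blocked_srcs:
            return False          # dropped by an ACL installed after an earlier alert
        target.received.append(pkt)
        return True


def run_promiscuous(packets: List[Packet]) -> Tuple[Target, List[str]]:
    """IDS: the device forwards first; the sensor analyses a SPAN copy afterwards
    and can only respond post-event by pushing an ACL to the managed device."""
    device, target, alerts = ManagedDevice(), Target(), []
    for pkt in packets:
        if not device.forward(pkt, target):
            continue              # ACL dropped it upstream; no copy reaches the sensor
        for name, sig in SIGNATURES.items():
            if sig(pkt):          # the packet has already been delivered by now
                alerts.append(name)
                device.blocked_srcs.add(pkt["src"])   # shun the source for later packets
    return target, alerts


def run_inline(packets: List[Packet]) -> Tuple[Target, List[str]]:
    """IPS: the packet enters interface 1 of the pair and leaves interface 2
    unless a signature with a deny action matches, in which case it is dropped."""
    target, alerts = Target(), []
    for pkt in packets:
        hits = [name for name, sig in SIGNATURES.items() if sig(pkt)]
        if hits:
            alerts.extend(hits)
            continue              # deny: never transmitted out of the second interface
        target.received.append(pkt)
    return target, alerts


# Constructed traffic: one benign request, one atomic attack, then a three-packet SYN flood.
TRAFFIC: List[Packet] = [
    {"src": "10.0.0.5",  "dst": "192.0.2.10", "flags": "PA", "payload": b"GET /index.html"},
    {"src": "10.0.0.7",  "dst": "192.0.2.10", "flags": "PA", "payload": b"GET /login?u=' OR 1=1--"},
    {"src": "10.0.0.99", "dst": "192.0.2.10", "flags": "S",  "payload": b""},
    {"src": "10.0.0.99", "dst": "192.0.2.10", "flags": "S",  "payload": b""},
    {"src": "10.0.0.99", "dst": "192.0.2.10", "flags": "S",  "payload": b""},
]


def compare(packets: List[Packet] = TRAFFIC) -> Dict[str, Dict[str, int]]:
    """Summarise how many packets, and how many malicious ones, reach the target in each mode."""
    summary = {}
    for mode, run in (("promiscuous", run_promiscuous), ("inline", run_inline)):
        target, alerts = run(packets)
        summary[mode] = {
            "delivered": len(target.received),
            "malicious_delivered": sum(is_malicious(p) for p in target.received),
            "alerts": len(alerts),
        }
    return summary


if __name__ == "__main__":
    for mode, stats in compare().items():
        print(f"{mode:12s} {stats}")
```

In promiscuous mode the single-packet SQL injection and the first SYN of the flood both reach the target before the ACL exists; only the later flood packets are shunned. In inline mode nothing matching a signature is forwarded at all. The simulation is generous to the IDS: it installs the ACL instantly, whereas a real ACL push to a router or firewall is asynchronous and lets more of a multi-packet attack through. What the model does not show is the cost the guide notes for inline mode: every packet now waits on the sensor, so it adds latency and the sensor becomes part of the forwarding path.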

Hi Edward

Thanks for clearing up IDS and IPS.

But I have another question.

In the past, when I configured an IDS, I connected the monitoring port of the IDS to the switch monitor port where the data is captured, and the control port to another port.

But an IPS works inline, so it has two monitoring ports.

Now suppose I have a network where

LAN--Firewall--Router

So if I add an IPS, then LAN--Firewall--IPS--Router?

One interface of the IPS connects to the firewall and the other connects to the router?

Please clarify this issue.

TradeSecrets
Level 1

Hi Biplob,

The basic difference is:

IDS - alerts you of breaches

IPS - Stops them

@TradeSecrets

IDS -- Passive

IPS -- Active (read, more to go wrong)

Both can actually "mitigate" events, however neither can "Stop breaches"

Best of luck to you sir.
