the defferences between IDS & IPS

Unanswered Question
Jan 21st, 2010

dear experts, would you mind describing to me the differences between the IDS, IPS, and the normal functions of the firewall policies in the ASA and PIX firewall?

thanks alot for your help

Labib Makar

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
vilaxmi Thu, 01/21/2010 - 20:59


Basically IDS (Intrusion Detection System) is a device which can sniff (copy)  traffic and analyze (compare against pre-defined signatures) it for any bad behavior or malicious traffic, this means that IDS device can’t be positioned inline in the path of traffic which results of limitation of its capability of protection (it is more Detection not Prevention/Protection).So basically, it is a passive-monitoring system which may be used in conjunction with IPS to prevent attacks.

While IPS (Intrusion Prevention System) can be deployed inline which gives it ability to block malicious / bad traffic before it reaches its destination. But you have to be carful as nowadays you might find device described as IDS which can be deployed inline like Cisco IDSM which is in fact IPS but they are using both names interchangeably.




This Discussion