Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

the defferences between IDS & IPS

dear experts, would you mind describing to me the differences between the IDS, IPS, and the normal functions of the firewall policies in the ASA and PIX firewall?

thanks alot for your help

Labib Makar

1 REPLY
Cisco Employee

Re: the defferences between IDS & IPS

Hello,

Basically IDS (Intrusion Detection System) is a device which can sniff (copy)  traffic and analyze (compare against pre-defined signatures) it for any bad behavior or malicious traffic, this means that IDS device can’t be positioned inline in the path of traffic which results of limitation of its capability of protection (it is more Detection not Prevention/Protection).So basically, it is a passive-monitoring system which may be used in conjunction with IPS to prevent attacks.

While IPS (Intrusion Prevention System) can be deployed inline which gives it ability to block malicious / bad traffic before it reaches its destination. But you have to be carful as nowadays you might find device described as IDS which can be deployed inline like Cisco IDSM which is in fact IPS but they are using both names interchangeably.

HTH

Vijaya

171
Views
5
Helpful
1
Replies
CreatePlease to create content