Difference Between IDS and IPS

IDS stands for Intrusion Detection System which is used to detect incorrect, inappropriate and abnormal activities in a network. The system reports them after detection. Moreover, IDS can find out if a network or server is having unauthorized intrusion or interference. IPS is another system which is used for the same purpose. It stands for Intrusion Prevention System. If data packets contain unauthorized data, IPS will drop those packets.


The network is monitored by IDS for incorrect and inappropriate activities. IDS is of two types: the network intrusion detection system or NIDS. This type of the system monitors multiple hosts so as to identify intrusion. It examines the network traffic. In this type of system, sensors capture the network traffic and each packet is analyzed for intrusions.  Second type of system is the Host based intrusion detection system (HIDS).  This type of system is used in host machines or the servers. This system analyzes local data such as log files and audit trails so as to identify intrusive behavior. IDS is installed between firewall and the boarder router. It can be installed outside the firewall and the router so as to analyze the full breadth of a possible attack. IDS is used with high bandwidth network device. So the performance is the key issue with ISD.


IPS prevents intrusions when it identifies one in the network. IPS comes in four categories. First category is NIPS (Network based Intrusion Prevention System). It monitors entire network. Second is the NBA (Network Behavior Analysis) which examines the traffic flow. Third is the WIPS (Wireless Intrusion Prevention System) which analyzes wireless network for intrusive behavior. The forth is HIPS (Host based Intrusion Prevention system which monitors activities of a single host. IPS takes measures such as dropping packets containing malicious data and blocking traffic of an offending IP.

Difference between IPS and IDS

There are a few differences between IPS and IDS. An IDS monitors the network to find inappropriate and anomalous activities. On the other hand, an IPS detects intrusions and takes active measure to prevent them. The main difference between the two is that IPS takes measures to prevent intrusions which are detected but an IDS detect the anomalies but does not prevent them by itself. It only suggests. The preventive measures in IPS include blocking traffic of intrusive IP address. IPS is an extension of IDS. IDS detects anomalous intrusions while IPS prevents from them. This is the main difference between them.


Category: VS  |  Tags: