What is an IDS vs IPS?
Answer
An IDS (Intrusion Detection System) monitors network traffic or system activity for suspicious patterns and alerts administrators — it is passive (detect and notify only). An IPS (Intrusion Prevention System) actively blocks or prevents detected attacks in real time — it sits inline in the network path and can drop malicious packets.

Types:
Network-based (NIDS/NIPS): monitors network traffic at a strategic point, such as a network boundary or core switch span port.
Host-based (HIDS/HIPS): monitors activity on individual hosts (file changes, process activity, log events).

Detection methods:
Signature-based: matches known attack patterns (low false positives, but misses zero-days and novel variants).
Anomaly-based: baselines normal behavior and alerts on deviations (can catch unknown attacks, but produces more false positives).
Behavioral: monitors sequences of actions rather than single events.

Popular tools: Snort and Suricata (NIDS/NIPS), OSSEC (HIDS), CrowdStrike and Carbon Black (host-based endpoint protection).