People often wonder what the difference between a IPS and a IDS is. We have decided to write this post on “What is a IPS” to allow you to gain insight on what exactly an IPS is and what is exactly does. IPS is in the security field stands for Intrusion Prevention System.
An Intrusion Prevention System allows the administrators and operators to monitor the network traffic and it allows them to setup rules for identified network channels. The difference between an IPS and an IDS is the following, an IPS allows the administrator to stop specific packages and malicious connections within seconds, allowing him to STOP the intrusion while allowing the network to operate on a stable flow.
An intrusion detection system uses two procedures, the first procedures is host based and it considered to be a passive component. The first procedure will inspect system configuration files and it will detect vulnerabilities and points which need attention.
The second procedure is network based and it is considered to be a active component. This part uses nodes to reenact known methods of attacks and it will also record the response of the system which is targeted.
As you can see, the Intrusion Prevention System will allow the administrator to directly stop the EXPLOIT which is being carried out by the attacker, while the Intrusion Detection System will allow the administrator/security professional to gain insight in the weak spots of the network.