Question

A recent topic of interest in the industry is the Intrusion Prevention System (IPS). Many vendors have created enhancements to IDS systems to make them into IPSs. What are the differences between an IPS and an IDS? Name a product or vendor for each category. Finally, list a website that has an article discussing the use of an IPS or IDS.

The legal issues surrounding active defense (research "Trap and Trace Systems") are constantly evolving. How are the use of such systems an ethical consideration in today's complex workplace?

Answer 1

IDS stands for "Intrusion Detection System". IDS is a passive-monitoring system since the main function of the IDS is to monitor the traffic and alert/log any suspicious activity in the traffic (both inbound and outbound). It does nothing to prevent the suspicious traffic.

IPS stands for "Intrusion Prevention System". It has the functionality of IDS and also adds an additional feature of preventing the suspicious traffic from entering the network. This can be done by using rules. "Pass" rules to pass the traffic and "deny" rules to deny the traffic into the network.

Snort - Best opensource IPS. This can be used as IDS also. Refer to their website for the complete details.

Trap and Trace Systems - These systems capture the incoming electronic or other impulses. This systems help in identifying what specific numbers called a specific telephone etc. In today's complex workplace, usage of "Trap and Trace Systems" violates the privacy of the individuals/employees. Having said that, this is completely different from the IDS and IPS. The purpose of the IDS and IPS is to alert or prevent the suspicious traffic from entering the network.