Wherever you look after the definition of Intrusion Detection System or so called IDS, most of them gave the similar interpretations. Its a device or software application that monitors network or system activities for malicious activities or policy violation .. and of course it should produce reports to a management station as a result for further analysis.
Known as active IDS, Intrusion Prevention System or IPS have the capability to work as IDS but with automatic prevention action,
Usually, to secure the network as whole, IDS should not be the only option to be implemented in an organization. They need to work with firewall, antivirus and and other security system as well since the capability of the IDS only limits to monitoring the anomaly packets and produce result for analysis. These anomaly packet must be trap or block anyway to avoid them to enter the network, but IDS CANNOT do that. Even you are make use IPS, still you need to consider other security elements as well because the limitation exist in IPS itself.
Hope this blog will give you various information and ideas how to start to use IDS/IPS..!!
Adios! :)
No comments:
Post a Comment