Intrusion detection is the ability to detect attacks against a
network and send logs to a management console. It provides the following
defense mechanism:
- Detection – Identifies malicious attacks on network and host
resources.
On the other hand, intrusion prevention is the ability to stop attacks
against the network, and it should provide the following active defense
mechanisms:
- Detection – Identifies malicious attacks on network and host
resources.
- Prevention – Stops the detected attack from executing.
- Reaction – Immunizes the system from future attacks from a malicious
source.
Either technology can be implemented at the network level, at the host level, or
at both for maximum protection.
Response Options
When a signature match is found, the IDS or IPS may perform the following actions:
- Alarm – Sends an alarm to an internal or external log, then forwards the
packet through.
- Reset – Sends packets with the reset flag set to both session participants
(TCP sessions only), then forwards the packet.
- Drop – Immediately drops the packet.
- Block – Denies traffic from the source address of the attack.
NOTE:
It is recommended to use the drop and reset actions together to ensure
that the attack is terminated.
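The following is an added illustration, not code from any IDS/IPS product: a minimal inline sensor model that applies the four response options above to packets matched by a signature, showing that alarm and reset alone still forward the packet (IDS-style behaviour), that reset applies only to TCP, that block is stateful across later packets from the same source, and why drop and reset are combined as the note recommends. The Packet and InlineSensor types and the byte-string signatures are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    payload: bytes

@dataclass
class InlineSensor:
    # signature bytes -> set of actions drawn from {"alarm", "reset", "drop", "block"}
    signatures: dict
    blocked_sources: set = field(default_factory=set)   # state kept by the block action
    alarms: list = field(default_factory=list)          # (signature, src, dst) records
    injected: list = field(default_factory=list)        # synthetic RSTs sent by reset

    def process(self, pkt: Packet) -> str:
        """Apply matched actions and return the verdict: 'forward' or 'drop'."""
        # Block is stateful: once a source is blocked, all its traffic is denied.
        if pkt.src in self.blocked_sources:
            return "drop"
        matched = [sig for sig in self.signatures if sig in pkt.payload]
        if not matched:
            return "forward"
        verdict = "forward"   # alarm and reset on their own still pass the packet
        for sig in matched:
            actions = self.signatures[sig]
            if "alarm" in actions:
                self.alarms.append((sig, pkt.src, pkt.dst))
            if "reset" in actions and pkt.proto == "tcp":
                # Tear the session down from both ends; only meaningful for TCP.
                self.injected.append(("RST", pkt.dst, pkt.src))
                self.injected.append(("RST", pkt.src, pkt.dst))
            if "drop" in actions:
                verdict = "drop"
            if "block" in actions:
                self.blocked_sources.add(pkt.src)
                verdict = "drop"
        return verdict
```

A signature configured with reset but not drop still lets the triggering packet through, which is why the note pairs the two actions.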