IDS Vs IPS

Uploaded by

Arixson

IDS vs IPS Intrusion Detection System, Intrusion Prevention System

I've got a little network right here.

So this yellow box is going to be my switch, and these individual little cylinders
are going to be my hosts, and this guy right here is my connection to the Internet.

So he's just going to be, at this moment, well, just a router.

Now when we look at this network, it's really, really important to us that, well, we
don't let naughty things happen to our network.

So within the Internet world the first line of defense is going to be a firewall.

And now the firewall's main job is to prevent naughty things from the outside world
coming into our network.

So traditionally a firewall is going to be right here.

So that's why so many routers also have built-in firewall features.

Now a router doesn't have to have that. If we wanted to, we can go out and buy a
specialized firewall device, and now we can have our router and then our firewall as
its own separate device. Barracuda pedicle, a lot of people will sell you a box like
this, and this thing's been updated so it's always aware of evil things that are out
there.

And so this is not an uncommon setup.

So we've got some kind of router.

We've got some kind of firewall.

And then we have our network itself.

Now firewalls are great, and we certainly discuss firewalls in other episodes, but we
have another problem here, and that is that firewalls are imperfect.

So if I have an imperfect firewall, I need to have something inside the network
that's watching for naughtiness to happen.

And that's where intrusion detection systems come into play. An intrusion detection
system can just be a computer with specialized IDS software.

Or it could be a specialized device, but by nature intrusion detection tends to be
on the inside of a network.

So here I'll just plug him into my switch, and his job is to watch for naughty
things on the network itself.

If he detects something on the network, it's the IDS's job to let somebody
know. In the early generations of IDS,

this would be done with those.

They would send an e-mail to somebody or hit their pager, or, yeah, they are that old.
Today you'll get a text message or something like that.

So again it doesn't matter to me.

This can be a specialized device, or it could be a Windows machine running
specialized IDS software.

Now this is the first generation of intrusion detection.

Now over time we began to get intrusion detection that became what we called
active.

So this box would say, "Oh, I notice that there's a well-known attack coming in here."

And what he could do would be to talk to the firewall itself and say, "Hey firewall,
shut off a port or stop take our application or do something to stop this attack."

And we called that, and I am using the past tense, active IDS. Active IDS is really
what we call intrusion prevention now, or IPS. An IPS-based system
does the same thing as an IDS.

It's looking on the inside of the network for naughtiness.

But it does something to stop it.

Now if I have a device way over here it has a hard time stopping things because
it's not actually in line.

So what we usually see with IPS is something like this.

This is getting long.

Now again, we can have routers that have IPS built into them.

We can have firewalls with IPS built into them, but you can actually still buy IPS
boxes whose only job is to provide IPS features.

Now assuming we have something like this, this box right here tends to be inline,
and it is certainly monitoring the internal network, but if it catches something in
here, it's going to do something here to stop it.

And that's the big thing you need to be aware of when it comes to IDS versus IPS
on the network.

Plus, oh, and by the way, make sure that you can handle any question that defines the
difference between a firewall versus an IDS versus an IPS.

Intrusion detection systems (IDS) detect and report possible attacks to the administrators

Intrusion prevention systems run inline with networks and act to stop detected attacks

A firewall filters, IDS notifies, IPS acts to stop
