An NIDS may incorporate one or both of two types of intrusion detection in its solution: signature-based and anomaly-based. A signature-based NIDS monitors network traffic for suspicious patterns in data packets ("signatures" of known network intrusion patterns) to …
An intrusion prevention system (IPS) is a system that monitors a network for malicious activities such as security threats or policy violations. The main function of an IPS is to identify suspicious activity, log information about it, attempt to block it, and finally report it.
Example: E-mail notification
In this example, IDS detected an intrusion on the local system and sent an e-mail notification to the systems administrator.
Example: Intrusion detection scan policy
This example shows an intrusion detection scan policy that monitors for both slow scans and fast scans on all IP addresses and ports 1-5000.
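A sketch of the logic behind a scan policy that watches for both fast and slow scans on ports 1-5000, as an added example that is not part of the original page or of any product's own code. The thresholds, function names, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds (not from the page): distinct targets per time window.
FAST = (60, 5)          # 5+ distinct targets within 60 s
SLOW = (7200, 8)        # 8+ distinct targets within 2 h
PORTS = range(1, 5001)  # monitored port range named in the policy


def max_distinct_in_window(hits, window):
    """Largest number of distinct (dst_ip, port) targets seen in any window."""
    best, start = 0, 0
    counts = defaultdict(int)
    for ts, target in hits:
        counts[target] += 1
        while ts - hits[start][0] > window:  # slide the window forward
            old = hits[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def classify_scans(events):
    """Map each scanning source IP to 'fast' or 'slow'; quiet sources are omitted."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(events):
        if port in PORTS:  # ignore traffic outside the monitored ports
            by_src[src].append((ts, (dst, port)))
    verdicts = {}
    for src, hits in by_src.items():
        if max_distinct_in_window(hits, FAST[0]) >= FAST[1]:
            verdicts[src] = "fast"
        elif max_distinct_in_window(hits, SLOW[0]) >= SLOW[1]:
            verdicts[src] = "slow"
    return verdicts


# Constructed sample connection events: (epoch seconds, src, dst, dst port).
SAMPLE = (
    [(i * 2, "198.51.100.7", "10.0.0.5", 20 + i) for i in range(10)]      # burst
    + [(i * 600, "203.0.113.9", "10.0.0.5", 100 + i) for i in range(10)]  # 1 probe / 10 min
    + [(i * 30, "192.0.2.4", "10.0.0.8", 443) for i in range(50)]         # normal client
    + [(i, "192.0.2.66", "10.0.0.5", 6000 + i) for i in range(20)]        # outside 1-5000
)

if __name__ == "__main__":
    print(classify_scans(SAMPLE))
```

The slow-scan source never trips the 60-second window, which is why a policy that only counts short bursts would miss it.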
Network Intrusion Detection Systems are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. Ideally, you would scan all inbound and outbound traffic; however, doing so might create a bottleneck that would impair the overall speed of the network.
Host-based intrusion detection system (HIDS)
As one example, you can install a HIDS on different Internet-facing servers, such as web servers, mail servers, and database servers. In addition to monitoring the network traffic reaching the servers, the HIDS can also monitor the server applications.