IDS/IPS systems

Easy20MIN

Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are cybersecurity systems that aim to detect and prevent intrusions and other security threats in the network environment.

Intrusion Detection System (IDS)

Intrusion Detection System (IDS) is a cybersecurity system that monitors network traffic and system events to search for signs or abnormalities that may indicate a security breach or cybersecurity risk. IDS can use multiple methods to detect possible attacks, including:

Signature-based analysis: IDS compares network traffic or system events to known attack patterns or signatures. If it detects a match, it generates an alert.
Abnormality monitoring: IDS analyzes normal activity and looks for deviations from normal behavior. Abnormalities may be signs of possible attacks.
Protocol analysis: IDS monitors network traffic and system events to ensure compliance with network protocol standards. Deviations may indicate potential attacks, such as malicious network traffic or protocol misuse.

1 / 3

Previous: False positive vs false negativePrevious Next: What are security incidents? What should be collected and when should an alarm be raised?Next

Hakatemia Pro

Learn to hack — start here

Hundreds of interactive courses, virtual labs and CTF challenges in your browser. Start a free trial — no card required.