Cisco CCNP ISCW And CCNA Security Certification Exam Tutorial
Comparing The Intruder Prevention System (IPS) And The Intruder Detection System (IDS)
By Chris Bryant, CCIE #12933
When it comes to your CCNP exams, success is in the details, and that's particularly true of your ISCW exam. The CCNA Security exam also deals with many of the same details!
You're going to need to know all the vital details of configuring and troubleshooting Cisco's Intrusion Prevention System (IPS), both from the command line and via Security Device Manager (SDM).
We'll configure IPS in both fashions later in this section, but we first need to draw a clear line between the operation of the Intrusion Prevention System and the Intrusion Detection System (IDS). Those terms sound similar, but they're quite different in operation.
Comparing Intrusion Detection And Intrusion Prevention
An IDS does just what its name tells us - it detects network intrusion. Simple enough! However, the IDS is basically a "town crier" in that it will notify other network devices about the attack, but does not directly defend against the attack itself.
The IDS does not receive traffic flows directly. Instead, the traffic flows are mirrored to the IDS.
When infected traffic does hit the network, the IDS will see this and take appropriate action. The problem is that this appropriate action is not direct action; since the IDS is not in the traffic flow, it has to inform a network device that is in that flow that action must be taken.
By the time the IDS detects an issue and notifies the appropriate network devices, the beginning of the infected traffic flow is already in the network.
In contrast, our Intrusion Prevention System (IPS) does sit in the middle of the traffic flow - in this case, the IPS will actually be our Cisco router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering the network.
Cisco's website describes the IPS as a "restructuring" of the IDS. While you'll see more of IPS than IDS in today's real-world networks, we have to be crystal clear on the differences between the two for the ISCW exam.
To your success,