Cisco CCNP ISCW Certification Exam Tutorial

Comparing The Intrusion Prevention System (IPS) And The Intrusion Detection System (IDS)

By Chris Bryant, CCIE #12933

When it comes to your CCNP exams, success is in the details, and that's particularly true of your ISCW exam.

You're going to need to know all the vital details of configuring and troubleshooting Cisco's Intrusion Prevention System (IPS), both from the command line and via Security Device Manager (SDM).

We'll configure IPS in both fashions later in this section, but we first need to draw a clear line between the operation of the Intrusion Prevention System and the Intrusion Detection System (IDS). Those terms sound similar, but they're quite different in operation.

Comparing Intrusion Detection And Intrusion Prevention

An IDS does just what its name tells us - it detects network intrusion.  Simple enough!  However, the IDS is basically a "town crier" in that it will notify other network devices about the attack, but does not directly defend against the attack itself. 

The IDS does not receive traffic flows directly.  Instead, the traffic flows are mirrored to the IDS. 

[Figure: IDS Not In Traffic Flow]

When infected traffic does hit the network, the IDS will see this and take appropriate action. The problem is that this appropriate action is not direct action; since the IDS is not in the traffic flow, it has to inform a network device that is in that flow that action must be taken.

By the time the IDS detects an issue and notifies the appropriate network devices, the beginning of the infected traffic flow is already in the network.

[Figure: IDS Cannot Block Traffic]

In contrast, our Intrusion Prevention System (IPS) does sit in the middle of the traffic flow - in this case, the IPS will actually be our Cisco router.  When the IPS detects a problem, the IPS itself can prevent the traffic from entering the network.  

[Figure: IPS Can Stop Infected Traffic]

Cisco's website describes the IPS as a "restructuring" of the IDS.  While you'll see more of IPS than IDS in today's real-world networks, we have to be crystal clear on the differences between the two for the ISCW exam.
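To make the difference concrete, here is a small simulation added for this tutorial (it is not Cisco code or configuration). It pushes the same packet stream past an inline IPS and past an IDS that only sees a mirrored copy. The `EVIL` signature, the flow labels, the "deny the rest of the flow" policy and the `reaction_delay` value are all assumptions made for illustration.

```python
from dataclasses import dataclass

SIGNATURE = b"EVIL"  # constructed stand-in for an attack signature

@dataclass
class Packet:
    flow: str       # hypothetical flow label
    payload: bytes

def matches(pkt):
    return SIGNATURE in pkt.payload

def run_ips(packets):
    """Inline sensor: every packet is inspected before it is forwarded."""
    delivered, blocked = [], set()
    for pkt in packets:
        if pkt.flow in blocked or matches(pkt):
            blocked.add(pkt.flow)   # assumed policy: deny the rest of the flow
            continue                # dropped at the sensor, never enters the network
        delivered.append(pkt)
    return delivered

def run_ids(packets, reaction_delay=2):
    """Passive sensor on a mirrored copy: the in-path device forwards first, and a
    block requested by the IDS takes effect reaction_delay packets later (assumed)."""
    delivered, blocked, pending = [], set(), {}
    for tick, pkt in enumerate(packets):
        for flow in [f for f, t in pending.items() if tick >= t]:
            blocked.add(flow)       # the in-path device has now applied the block
            del pending[flow]
        if pkt.flow in blocked:
            continue
        delivered.append(pkt)       # forwarded regardless of the IDS verdict
        if matches(pkt) and pkt.flow not in pending:
            pending[pkt.flow] = tick + 1 + reaction_delay
    return delivered

def leaked(delivered):
    """Number of signature-matching packets that reached the network."""
    return sum(matches(p) for p in delivered)

# Constructed sample: benign flow "A" interleaved with attack flow "B".
SAMPLE = [Packet("A", b"GET /index"), Packet("B", b"EVIL 1"), Packet("B", b"EVIL 2"),
          Packet("A", b"GET /img"), Packet("B", b"EVIL 3"), Packet("B", b"EVIL 4"),
          Packet("A", b"GET /css")]

if __name__ == "__main__":
    print("IPS leaked:", leaked(run_ips(SAMPLE)))
    print("IDS leaked:", leaked(run_ids(SAMPLE)))
```

Even with `reaction_delay=0` the IDS path lets the first matching packet through, because the packet is forwarded before the mirrored copy is judged.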

IPS and IDS do share some common operations and defaults, and we'll look at those in a later tutorial. They're also covered in my ISCW Study Package!

To your success,

Chris Bryant

CCIE #12933

chris@thebryantadvantage.com