2 posts • Page 1 of 1
An intrusion detection system (IDS) monitors network devices in order to grant security administrators the ability to identify attacks in progress and take appropriate action to protect a network. In order for users on a network to access a web server on the internet, the firewall must allow traffic through port 80. However, this open port is often used as an attack vector for hackers and malware to gain access to your network. An IDS examines this traffic and compares it with known exploits; similar to how antivirus software uses known virus signatures to identify threats. When the intrusion system detects a match to a known exploit, it sends an alert to the security or web server administrator so they can take action. Intrusion prevention systems (IPS) are very similar to IDSs, but as opposed to just sending an alert, these systems go one step further and automatically take action to prevent an intrusion.