IDS and IPS
An IDS (Intrusion Detection System) is a system that detects inappropriate, incorrect or anomalous activity on a network and reports it. An IDS can also be used to determine whether a network or a server is currently experiencing an unauthorized intrusion. An IPS (Intrusion Prevention System) is a system that can actively terminate a connection or drop packets when they are found to contain unauthorized data. An IPS can be seen as an extension of an IDS.
IDS
An IDS monitors a network and detects inappropriate, incorrect or anomalous activity. There are two main types of IDS. The first is the network intrusion detection system (NIDS). These systems inspect the traffic on a network and monitor multiple hosts in order to identify intrusions. Sensors are used to capture the network traffic, and every packet is analyzed to identify malicious content. The second is the host-based intrusion detection system (HIDS). A HIDS is deployed on a host or server. It analyzes data local to that machine, such as system log files, audit trails and file system changes, to identify anomalous behaviour. A HIDS compares a profile of the host's normal behaviour with the observed activity to identify potential anomalies. In most deployments, IDS devices are placed between the border router and the firewall, or outside the border router. In some cases IDS devices are placed outside both the firewall and the border router, with the intention of seeing the full breadth of attempted attacks. Performance is a key issue for an IDS, since it is attached to high-bandwidth network links. Even with high-performance components and up-to-date software, an IDS tends to drop packets when it cannot handle the full throughput, and every dropped packet is traffic that was never inspected.
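The HIDS behaviour described above, comparing a baseline of the host against what is currently observed, is easiest to see with a file-integrity check. The following is an added example (not code from the original article): it hashes every file under a directory to build a baseline, then compares a later snapshot against it and reports modified, added and removed files. The directory layout, file names and the simulated tampering are all constructed inside a temporary directory so the script runs offline and touches no real system files.

```python
"""Minimal HIDS-style file integrity check (added example, not the article's code).

Baseline:  hash every file under a root directory.
Later:     hash again and diff against the baseline.
Anomalies: files whose content changed, new files, deleted files.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Return the files that differ between the baseline and the current snapshot."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Constructed scenario in a temporary directory (hypothetical file names).

    Take a baseline, then simulate an intruder who enables root SSH login,
    plants a cron job and deletes the authentication log.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc/ssh").mkdir(parents=True)
        (root / "var/log").mkdir(parents=True)
        (root / "etc/ssh/sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc/crontab").write_text("0 3 * * * root /usr/bin/backup\n")
        (root / "var/log/auth.log").write_text("baseline log line\n")
        baseline = snapshot(root)

        # Simulated tampering after the baseline was taken.
        (root / "etc/ssh/sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc/cron.d").mkdir()
        (root / "etc/cron.d/backdoor").write_text("* * * * * root /tmp/.x\n")
        (root / "var/log/auth.log").unlink()

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Two practical points follow from the comparison logic: the baseline must be stored where an intruder who gains root on the host cannot silently rewrite it (off-host, or signed), and hashing every file on a schedule only catches changes after the fact, which is why production HIDS tools combine integrity checks with real-time sources such as audit logs.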
IPS
An IPS is a system that takes active steps to prevent an intrusion or attack once it has been identified. IPS are divided into four categories. The first is the network-based intrusion prevention system (NIPS), which monitors the entire network for suspicious activity. The second type is the network behaviour analysis (NBA) system, which examines traffic flows to detect anomalous flows that may be the result of an attack, such as a distributed denial of service (DDoS). The third is the wireless intrusion prevention system (WIPS), which analyzes wireless network traffic for suspicious activity. The fourth category is the host-based intrusion prevention system (HIPS), a software package installed to monitor the activity of a single host. As mentioned earlier, an IPS takes active steps such as dropping packets that contain malicious data, and resetting or blocking traffic coming from the offending IP addresses.
What is the difference between IPS and IDS?
An IDS is a system that monitors a network and detects inappropriate, incorrect or anomalous activity, while an IPS is a system that detects an intrusion or attack and takes active steps to prevent it. The main difference between the two is that, unlike an IDS, an IPS actively takes steps to prevent or block the intrusions it detects. These preventive steps include dropping malicious packets and resetting or blocking traffic coming from malicious IP addresses. An IPS can be seen as an extension of an IDS that has the additional capability to prevent intrusions while detecting them.
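The distinction drawn in this section and the IPS categories above (signature matching on packet content as in a NIPS, and a flow-based rule of the NBA kind) can be shown with a single inspection engine that runs in either mode. The following is an added example, not code from the original article: the same rules are evaluated in both modes, but in "ids" mode a match only raises an alert and the packet is still forwarded, whereas in "ips" mode the packet is dropped, the source IP is blocked for all later packets, and a TCP session is answered with a reset. The packets, signatures, IP addresses and the scan threshold are all constructed for the example.

```python
"""IDS versus IPS on the same rule set (added example, not the article's code).

All traffic below is constructed sample data; the signatures are illustrative.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str      # "tcp" or "udp"
    payload: bytes


# Content signatures, NIPS-style: (rule name, destination port or None, regex on payload).
SIGNATURES = [
    ("web.path_traversal", 80, re.compile(rb"\.\./\.\./")),
    ("sql.union_select", 80, re.compile(rb"(?i)union\s+select")),
    ("ssh.banner_probe", 22, re.compile(rb"^SSH-2\.0-libssh")),
]

# Behavioural rule, NBA-style: one source touching this many distinct TCP ports
# is treated as a port scan. The threshold is arbitrary for the example.
SCAN_THRESHOLD = 10


class Engine:
    def __init__(self, mode: str):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.blocked = set()                 # sources blocked by the IPS
        self.ports_seen = defaultdict(set)   # src_ip -> distinct TCP ports
        self.alerts = []                     # (src_ip, rule name)
        self.forwarded = 0
        self.dropped = 0

    def _match(self, pkt: Packet) -> list:
        hits = [name for name, port, pattern in SIGNATURES
                if (port is None or port == pkt.dst_port) and pattern.search(pkt.payload)]
        if pkt.proto == "tcp":
            self.ports_seen[pkt.src_ip].add(pkt.dst_port)
            # Fire once, at the moment the threshold is crossed.
            if len(self.ports_seen[pkt.src_ip]) == SCAN_THRESHOLD:
                hits.append("nba.port_scan")
        return hits

    def inspect(self, pkt: Packet) -> str:
        """Return the action taken: forward, alert, drop or reset."""
        # An IPS short-circuits traffic from a source it has already blocked.
        if self.mode == "ips" and pkt.src_ip in self.blocked:
            self.dropped += 1
            return "drop"

        hits = self._match(pkt)
        if not hits:
            self.forwarded += 1
            return "forward"

        self.alerts.extend((pkt.src_ip, name) for name in hits)
        if self.mode == "ids":
            # Detection only: the packet is reported but still delivered.
            self.forwarded += 1
            return "alert"

        # Prevention: drop the packet, block the source, reset a TCP session.
        self.blocked.add(pkt.src_ip)
        self.dropped += 1
        return "reset" if pkt.proto == "tcp" else "drop"


def sample_traffic() -> list:
    """Constructed packets: benign web requests from 10.0.0.2, two signature hits
    from 10.0.0.5, and a 12-port TCP scan from 10.0.0.9 (all addresses invented)."""
    pkts = [
        Packet("10.0.0.2", "192.0.2.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
        Packet("10.0.0.5", "192.0.2.10", 80, "tcp", b"GET /cgi/../../etc/passwd HTTP/1.1\r\n"),
        Packet("10.0.0.5", "192.0.2.10", 80, "tcp", b"GET /?id=1 UNION SELECT 1,2 HTTP/1.1\r\n"),
        Packet("10.0.0.2", "192.0.2.10", 80, "tcp", b"GET /about.html HTTP/1.1\r\n"),
    ]
    pkts += [Packet("10.0.0.9", "192.0.2.10", port, "tcp", b"") for port in range(1, 13)]
    return pkts


def run(mode: str):
    """Run the sample traffic through an engine; return (engine, per-packet actions)."""
    engine = Engine(mode)
    actions = [engine.inspect(p) for p in sample_traffic()]
    return engine, actions


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        eng, _ = run(mode)
        print(f"{mode}: forwarded={eng.forwarded} dropped={eng.dropped} "
              f"alerts={len(eng.alerts)} blocked={sorted(eng.blocked)}")
```

Running both modes over the same 16 packets makes the trade-off concrete: the IDS forwards all of them and raises three alerts, while the IPS drops five and blocks two sources, including the second request from 10.0.0.5 and the tail of the scan, which the IPS never inspects at all. That is also the risk side of an IPS: a false-positive signature blocks legitimate traffic inline, so signatures deployed in prevention mode need tighter validation than the same signatures in detection mode.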