I am taking note on blog about article related to IPS (Intrusion Prevention Systems) overview and relative comperazation to IDS:
"Unlike its predecessor the intrusion detection system (IDS) – which is a passive system that scans traffic and reports back on threats – the IPS is placed inline, directly in the flow of network traffic between the source and destination. Usually sitting right behind the firewall, the solution is actively analyzing and taking automated actions on all traffic flows that enter the network. These actions can include:
- Sending an alarm to the administrator (as would be seen in an IDS)
- Dropping the malicious packets
- Blocking traffic from the source address
- Resetting the connection
- Configuring firewalls to prevent future attacks"
[Original Articles]