IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are security products (systems) that detect or defend against unauthorized intrusion into servers and other cyber attacks. IDS is also called an intrusion detection system, and IPS is also called an intrusion defense system.
Both are provided as software and as hardware (appliances). They may also be provided as a function of personal firewall software or of UTM (Unified Threat Management). In recent years, they have also been provided as cloud services.
The distinguishing feature of IDS/IPS is that it looks at the contents of the packet to make its determination. By contrast, a firewall, a typical security product, basically decides whether a packet is illegitimate from the IP addresses and port numbers of the source and destination. Therefore, depending on the attack, a firewall may not be able to prevent it.
One example is an attack that exploits vulnerabilities in software such as the OS. This also includes worms that spread infection by exploiting vulnerabilities. The contents of the packet carry something that exploits the vulnerability, but if there is no problem with the source and the destination, a typical firewall will allow the communication.
The same goes for DoS (Denial of Service) attacks. A DoS attack is a cyber attack that sends a large amount of packets so that the targeted computer cannot work properly. Only the amount of packets is abnormal; there is no problem with the source or destination, so the attack cannot be prevented with a typical firewall. IDS/IPS, on the other hand, monitors individual packets, so it can also notice an abnormal amount of traffic.
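The contrast described above, as an added example that is not part of the original article: a header-only firewall check passes every packet in a constructed trace, while content and volume inspection flags the exploit-like payload and the flood. The port policy, signature marker, rate threshold and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque, namedtuple

Packet = namedtuple("Packet", "ts src dst dport payload")

# Assumed policy values for this sketch (not from the article).
ALLOWED_PORTS = {80, 443}
SIGNATURES = {"constructed-exploit": b"CONSTRUCTED-EXPLOIT-MARKER"}
RATE_LIMIT = 100      # max packets per source ...
RATE_WINDOW = 1.0     # ... within this many seconds


def firewall_allows(pkt):
    """Header-only decision: looks at the port, never at the payload."""
    return pkt.dport in ALLOWED_PORTS


def ids_alerts(packets):
    """Inspect payload and per-source volume; return a list of (kind, src) alerts."""
    alerts = []
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    flooding = set()              # sources already reported for volume
    for pkt in packets:
        for name, pattern in SIGNATURES.items():
            if pattern in pkt.payload:
                alerts.append((f"signature:{name}", pkt.src))
        window = recent[pkt.src]
        window.append(pkt.ts)
        while pkt.ts - window[0] > RATE_WINDOW:
            window.popleft()
        if len(window) > RATE_LIMIT and pkt.src not in flooding:
            flooding.add(pkt.src)
            alerts.append(("volume", pkt.src))
    return alerts


def sample_traffic():
    """Constructed traffic: one normal request, one exploit-like payload, one flood."""
    pkts = [
        Packet(0.00, "192.0.2.10", "198.51.100.5", 80, b"GET / HTTP/1.1\r\n\r\n"),
        Packet(0.10, "192.0.2.20", "198.51.100.5", 80, b"GET /CONSTRUCTED-EXPLOIT-MARKER"),
    ]
    pkts += [Packet(0.20 + i * 0.001, "192.0.2.30", "198.51.100.5", 80, b"GET /")
             for i in range(500)]
    return pkts


if __name__ == "__main__":
    print("firewall passes all:", all(firewall_allows(p) for p in sample_traffic()))
    print("IDS alerts:", ids_alerts(sample_traffic()))
```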
IDS and IPS are the same in that both monitor packets and detect unauthorized intrusion. The difference is the response after detecting an illegitimate packet.
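As the name suggests, an IDS is a system specialized in detection. When it detects an illegitimate packet, it notifies the administrator by displaying a warning screen or sending a warning e-mail (PICT1). The subsequent response is left to the administrator. For this reason, the load on the administrator is high.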
PICT1: Notification when an illegitimate packet is detected (illustration: Misako Nakagawa)