What the different between IPS/IDS/TMS?
- IPS – An extension of IDS technology, rather than detect and log the web attack, IPS capable of prevent and block malicious attack when still allow normal traffic to pass thru.
- IDS – Design to detect and log the wed attack. Have signature and able to alert when attack is happening.
- TMS – A single point of security event one-stop. Think this is a database where collect information from all security device (IPS/IDS/Proxy…) and create a huge relational database where you can enter a single query and it will return all similar result from all the security devices.
On simple term, IPS is a Custom officer, IDS is just the security scanner at Custom, where TMS is the computer system that store the record of the passenger.
If you bring dangerous item on airplane, the scanner will detect you and sound the alert, the Custom officer will go thru your bag and take out the dangerous item…where your offence record will by key in into the system so other people can see you bring dangerous item on airplane before.
Most company use IDS and IPS simultaneously, IPS at the external (outer layer) of the network and IDS at the internal (inner layer) of the network. Why?
Very simple, THE internal IDS act as a failsafe layer of detection if the IPS didn’t manage to detect and drop some harmful traffic.
