Table 20-2. Deploying IDS Versus IPS

| Sensor | Pros | Cons |
|---|---|---|
| IDS Sensor (Intrusion Detection System) | Deploying the sensor has no impact on the network (latency, jitter, and so on). | IDS response actions cannot stop the trigger packet and cannot guarantee stopping a connection. |
| | Sensor is not inline; therefore, a sensor failure cannot impact network functionality. | Being out of band, IDS sensors are more vulnerable to network evasion techniques. |
| | Monitors traffic on a given segment promiscuously. Captures traffic by using SPAN, TAP, VACL capture, and so on. | Cannot perform inline monitoring and does not have the capability to perform the inline response action (deny-packet). |
| IPS Sensor (Intrusion Prevention System) | Supports inline monitoring with the inline response action deny-packet capability. | Packet effects (latency, and so on). Packet drops due to latency will impact traffic streams. |
| | TCP/IP traffic normalization. | Network effects (bandwidth, connection rate, and so on). |
| | Monitors all traffic traversing between two interfaces transparently. | Often, IPS cannot be implemented "everywhere" because of cost restrictions. |
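The following toy model illustrates the first-row contrast in the table: a passive sensor that sees a mirrored copy of traffic can only alert after the trigger packet has already been delivered, while an inline sensor can drop it before forwarding, at the price of per-packet inspection latency and of a failure mode that affects traffic. This is an added example, not code from the book; the packet stream, the signature string, the per-packet inspection cost and the `fail_open` flag are all constructed for the illustration.

```python
"""Passive (IDS) versus inline (IPS) sensor placement, modelled on a packet list.

Added illustration; the packets, signature and latency figure are constructed.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    seq: int
    payload: bytes


# Constructed rule: a real sensor matches against its signature set.
SIGNATURE = b"EVIL"

# Constructed stream: packet 2 is the one that triggers the rule.
STREAM = [Packet(1, b"GET / HTTP/1.1"), Packet(2, b"EVIL payload"), Packet(3, b"bye")]

# Constructed cost of inspecting one packet inline, in microseconds.
INSPECT_COST_US = 50


def matches(pkt: Packet) -> bool:
    return SIGNATURE in pkt.payload


def passive_sensor(stream):
    """IDS: receives a copy of each packet (SPAN/TAP/VACL capture).

    The forwarding path is untouched, so every packet is delivered and the
    sensor adds no latency; a response (alert, TCP reset) can only fire after
    the trigger packet has already reached the destination.
    Returns (delivered seqs, alerted seqs, added latency in us).
    """
    delivered, alerts = [], []
    for pkt in stream:
        delivered.append(pkt.seq)        # always forwarded by the switch/router
        if matches(pkt):
            alerts.append(pkt.seq)       # response comes after delivery
    return delivered, alerts, 0


def inline_sensor(stream, healthy=True, fail_open=False):
    """IPS: sits in the forwarding path between two interfaces.

    It can apply deny-packet to the trigger packet, but every packet pays the
    inspection cost, and when the sensor is down traffic is either bypassed
    uninspected (fail-open) or blocked entirely (fail-closed).
    Returns (delivered seqs, dropped seqs, added latency in us).
    """
    if not healthy:
        seqs = [p.seq for p in stream]
        return (seqs, [], 0) if fail_open else ([], seqs, 0)
    delivered, dropped = [], []
    for pkt in stream:
        if matches(pkt):
            dropped.append(pkt.seq)      # trigger packet never reaches the host
        else:
            delivered.append(pkt.seq)
    return delivered, dropped, INSPECT_COST_US * len(stream)


if __name__ == "__main__":
    print("IDS:", passive_sensor(STREAM))
    print("IPS:", inline_sensor(STREAM))
    print("IPS down, fail-open:", inline_sensor(STREAM, healthy=False, fail_open=True))
    print("IPS down, fail-closed:", inline_sensor(STREAM, healthy=False))
```

The two failure branches of `inline_sensor` are the concrete form of the table's "sensor failure cannot impact network functionality" row: an out-of-band sensor has no such branch at all, whereas an inline deployment must choose between losing inspection coverage and losing connectivity when the sensor goes down.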