
I was taught that an IDS is a passive protection method, and an IPS is active. My Security+ boot camp is trying to tell me IDS is active. Thoughts?

And yes, I'm still studying for this, I've been avoiding it because I'm salty I failed by one. But now it's a requirement, so I have no more time to avoid. :(

Comments
  • 0
    You are correct, IDS is 'passive' and IPS is 'active'. Basically an IPS is an IDS with hopefully sensible follow-up actions.
  • 1
    @NeatNerdPrime Their "expert" didn't understand why I was questioning the difference. But it's easier than trying to read everything without having someone talk about it (make it feel more like a class than me just reading).
  • 0
    Not sure if the instructor meant in this sense but IDS may detect an event as soon as it passes through one of the event recording points, thus active in a sense but it won't do anything about it except just report it.

    However, IPS will definitely try its best to stop it while it's reporting as well.

    As someone who cleared Sec+, from the exam's perspective, IDS is definitely passive and IPS is active.
    All the best, you can do it!
  • 1
    @justasithlord thanks for that tip! I feel like I can do this fairly easily, I'm just trying to familiarize myself with the format of the exam and the questions. I tend to read too quickly and miss important details, which cost me the point on the question; if I can slow down enough to NOT do that, I should be fine with the information I learned/taught in my intro level class (I took it, then turned around and was a TA for the class).