suspicious activity in real time; it has to let a few packets
pass before it can initiate any action. An IDS usually has
to rely on other networking elements, such as routers or
switches, to take any corrective measures to stop
suspicious traffic from passing through. One of the most
significant disadvantages of an IDS is that a single-packet
attack is almost always successful, which means it is hard
to prevent these attacks.

Figure 14-10 IDS Receiving a Copy of the Packets
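The limitation described above, as an added example that is not from the book: a small Python simulation comparing a sensor that works from a copy of the traffic with one placed in the forwarding path, the arrangement the next section introduces. The traffic, the `EVIL` signature, and the `reaction_delay` figure are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample traffic: (source, payload). "EVIL" stands in for
# whatever the sensor's signature matches; all values are made up.
TRAFFIC = [
    ("10.0.0.5", "GET /index"),
    ("10.0.0.9", "EVIL single-packet"),   # one-packet attack
    ("10.0.0.7", "EVIL stage 1"),         # multi-packet attack begins
    ("10.0.0.5", "GET /about"),
    ("10.0.0.7", "EVIL stage 2"),
    ("10.0.0.7", "EVIL stage 3"),
    ("10.0.0.7", "EVIL stage 4"),
]

def matches_signature(payload):
    return "EVIL" in payload

def simulate(traffic, inline, reaction_delay=2):
    """Return {source: number of malicious packets that reached the target}.

    inline=True:  the sensor is in the path and drops a packet on match.
    inline=False: the sensor sees a copy; the router starts dropping the
    source only `reaction_delay` packets after the match (assumed value).
    """
    delivered = defaultdict(int)
    blocked = set()   # sources the router is already dropping
    pending = {}      # source -> packet index at which its block goes live
    for i, (src, payload) in enumerate(traffic):
        # Activate any block whose reaction delay has elapsed.
        for s, when in list(pending.items()):
            if i >= when:
                blocked.add(s)
                del pending[s]
        bad = matches_signature(payload)
        if inline:
            if bad:
                continue                    # dropped before forwarding
        elif src in blocked:
            continue                        # dropped by the router
        elif bad and src not in pending:
            pending[src] = i + 1 + reaction_delay   # alert raised, block queued
        if bad:
            delivered[src] += 1             # packet already reached the target
    return dict(delivered)

if __name__ == "__main__":
    print("copy of traffic:", simulate(TRAFFIC, inline=False))
    print("inline:         ", simulate(TRAFFIC, inline=True))
```

Even with `reaction_delay=0`, the single packet from 10.0.0.9 is delivered in the copy-based mode, because the block can only apply to packets that arrive after the one that triggered it.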

Intrusion Prevention Systems (IPSs)

An intrusion prevention system (IPS), as shown in
Figure 14-11, works in real time and in an inline manner.
Usually, an IPS is collocated with a network element