A: Yes, there are definite differences between the two. IDS/IPS systems are typically either signature-based or behavior-based. Sometimes the functionality is built into devices such as firewalls and routers; other times it is built into blades that fit into a larger chassis. They can act as network-based or host-based protection controls. Sometimes they are used as separate appliances with one or multiple network interfaces. While IDS/IPS systems are designed to provide a higher layer of security over a basic firewall, they do not typically understand or protect against application layer attacks such as SQL Injection, XSS, etc. This is why the PCI standard requires a WAF to protect Internet-facing web servers instead of just a firewall with IDS/IPS capabilities.
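The gap described in the answer above can be seen by running the same detection pattern at two layers. This is an added example, not part of the original answer: the requests are constructed, `shop.example` is a placeholder host, and both rules are deliberately simplified stand-ins for a network-layer signature and a WAF rule rather than any product's actual logic.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample requests for illustration (not captured traffic).
REQUESTS = {
    "benign":  b"GET /item?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "literal": b"GET /item?id=1' OR 1=1-- HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "encoded": b"GET /item?id=1%27%20OR%201%3D1-- HTTP/1.1\r\nHost: shop.example\r\n\r\n",
}

# Simplified network-layer signature: a fixed pattern over the raw packet bytes.
RAW_SIGNATURE = re.compile(rb"'\s+OR\s+1=1", re.IGNORECASE)
# Simplified WAF-style rule: the same pattern, applied to decoded parameter values.
PARAM_RULE = re.compile(r"'\s+OR\s+1=1", re.IGNORECASE)


def raw_signature_hit(packet: bytes) -> bool:
    """Match on bytes as they appear on the wire, with no HTTP knowledge."""
    return RAW_SIGNATURE.search(packet) is not None


def http_aware_hit(packet: bytes) -> bool:
    """Parse the request line, decode each query parameter, then match."""
    request_line = packet.split(b"\r\n", 1)[0].decode("latin-1")
    _method, rest = request_line.split(" ", 1)
    target, _version = rest.rsplit(" ", 1)
    query = urlsplit(target).query
    # parse_qsl undoes percent-encoding, giving the value the application will see.
    params = parse_qsl(query, keep_blank_values=True)
    return any(PARAM_RULE.search(value) for _name, value in params)


def compare() -> dict:
    """Return {request name: (raw signature hit, HTTP-aware hit)}."""
    return {name: (raw_signature_hit(p), http_aware_hit(p))
            for name, p in REQUESTS.items()}


if __name__ == "__main__":
    for name, (raw, aware) in compare().items():
        print(f"{name:8} raw_signature={raw!s:5} http_aware={aware}")
```

Only the check that decodes the request the way the web application does flags both the literal and the percent-encoded form, which is the application-layer understanding the answer attributes to a WAF.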