Cisco intrusion detection systems (IDS) and intrusion prevention systems (IPS) are among the many systems used
as part of a defense-in-depth approach to protecting the network against malicious traffic.
IPS Versus IDS
What Sensors Do
A sensor is a device that inspects traffic on the network and, based on a set of rules, decides whether that
traffic is benign or malicious in some way.
Difference between IPS and IDS
You can place a sensor in the network to analyze traffic in one of two ways. The first option is to put the
sensor inline with the traffic, which means that any traffic crossing that point in your network is forced
through one physical or logical port on the sensor, where it is analyzed before being forwarded. Because the
sensor sits in the forwarding path, it can drop traffic it judges malicious; that is the concept behind
intrusion prevention systems (IPS).
The second option is to have the sensor analyze a copy of the traffic from outside the forwarding path. A
sensor deployed this way detects the attack (hence the term intrusion detection system, IDS) but does not
prevent it, because the original packets have already been forwarded by the time the sensor reaches a verdict.
Sensor Platforms
A dedicated IPS appliance, such as the 4200 series
Software running on the router in versions of IOS that support it
A module in an IOS router, such as the AIM-IPS or NME-IPS modules
A module on an ASA firewall in the form of the AIP module for IPS
A blade that works in a 6500 series multilayer switch
Cisco FirePOWER 8000/7000 series appliances
Virtual Next-Generation IPS (NGIPSv) for VMware
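As an added example that is not part of the original page, the IOS IPS configuration below shows how the inline placement described above is expressed on the "software running on the router" platform: the rule set is bound to an interface direction. The sensor name, flash directory and interface are assumed values.

```cisco
! Added example: IOS IPS on a router (Cisco IOS 12.4(11)T or later syntax).
! Sensor name, flash directory and interface are assumed values.
ip ips config location flash:ips retries 1
ip ips name IOSIPS
! Report events to syslog and SDEE so a collector sees what the sensor decides.
ip ips notify log
ip ips notify sdee
! Default is fail-open: if the engine is not ready, traffic passes uninspected.
! Fail-closed keeps the inline sensor honest at the cost of availability.
ip ips fail closed
! Start from the small, router-sized "basic" category rather than every signature.
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
! Binding the rule set to an interface direction is what makes the sensor inline:
! packets entering Gi0/0 are inspected before the router forwards them.
interface GigabitEthernet0/0
 ip ips IOSIPS in
```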