IDS / IPS meaning and do I have it

Hi Experts,

I am filling out a compliance document and it has asked me if we have any active IDS / IPS on the network and to define what they are.

To my knowledge, an IDS / IPS is to do with a device or application actively checking for malicious attacks.

We use an AV which has an on-access scan, no managed UI, just a reporting dashboard. Does this count?

Antivirus : F-Secure PSB Workstation security

Correct me if I am getting anything wrong.

peggiegreg

JustInCase Commented:
That does not count; antivirus is endpoint security. An IPS/IDS is a hardware device that recognizes viruses and attacks by their signatures.

peggiegreg (Author) Commented:
I understand, so would my Draytek Vigor 2860's firewall offer this? Or would you need separate hardware to enable this?

Muhammad Burhan (Manager I.T.) Commented:
Both are used for inspecting live traffic to/from the outside world; typically a firewall (hardware/software) owns this subject.
AVs can't inspect live traffic or scan port communication with filtering, etc.

JustInCase Commented:
Some Cisco ISR routers have integrated IPS (optional), but I don't think the Draytek Vigor 2860 has it.

Muhammad Burhan (Manager I.T.) Commented:
It's just a router that connects your LAN to the WAN; it cannot inspect traffic.
http://www.draytek.co.uk/products/business/vigor-2860

lets
Think of a traffic cop at an intersection. He will carefully and decisively direct the traffic the direction it needs to go; this is a router.

You have another cop that has a gun. He does not care where the traffic is going, he just wants to know what the traffic is doing. If it is "bad" then he will shoot that "blocked" traffic on sight and toss it in the bit bucket. This would be a firewall.

Now take the traffic cop and give him the gun. He will now direct traffic as well as make sure it is "good". He is now a router+firewall.

So technically, in order to inspect and block unwanted/malicious activities, we need additional hardware/software called a firewall.

peggiegreg (Author) Commented:
This has clarified all my questions, thank you Muhammed + Predrag.

Muhammad Burhan (Manager I.T.) Commented:
Welcome!!