An Intrusion Detection System (IDS) monitors network (or host) activity and identifies activity that looks like an attack or an attempt to break into a system. Its main function is to warn: an IDS reviews traffic and data and, when it recognises an attack, raises an alert. Detection is most commonly done by matching traffic against intrusion signatures (attack signatures) for known viruses, worms and intrusion techniques. A purely signature-based IDS can therefore only report attacks whose signatures it already has; anomaly-based detection, which flags deviations from a baseline of normal behaviour, can catch some unknown attacks, at the cost of more false positives.
An Intrusion Prevention System (IPS) is the next level of security. It sits inline in the traffic path, applies the same kind of detection rules as an IDS, and allows the administrator to configure an action to take when a rule fires rather than only an alert. Where an IDS informs of a potential attack, an IPS attempts to stop it. An IPS can block known intrusion signatures and also some unknown attacks, because in addition to specific signatures it carries rules describing generic attack behaviours (for example protocol anomalies or excessive connection rates from one source). IPS is generally considered the "next generation" of IDS.
An IDS is a reactive security mechanism and an IPS is a proactive one. An IDS recognises that an attack is occurring; an IPS determines whether incoming traffic is probably malicious before it reaches its destination. An IDS cannot reject an attack or block access to passwords, IDs and so on; it can only report them. An IPS categorises traffic, decides whether it is malicious, and acts on that decision. IDS and IPS are designed for different purposes, but their detection technology is similar. An IDS is best used to explain what happened in an attack, whereas an IPS stops attacks. An IPS operates like an IDS with one critical difference: an IDS observes traffic (typically from a mirror or tap port, off the data path), while an IPS, being inline, can block the attack itself. Any traffic the IPS identifies as malicious is dropped and never enters the protected network. The price of sitting inline is that a false positive in IPS mode blocks legitimate traffic, and the device becomes a potential point of failure or added latency, so IPS rule sets are usually tuned more conservatively than IDS rule sets.
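The following is an added example, not code from the original article or from any IDS/IPS product. It shows the one critical difference described above in working form: the same detection engine (a few constructed content signatures plus one generic-behaviour rule, a per-source request-rate threshold) is run once in IDS mode, where every packet is forwarded and matches only produce alerts, and once in IPS mode, where a match causes the packet to be dropped. The signatures, the threshold of 5 requests, and the sample traffic are all constructed for illustration and are not a real rule set.

```python
"""Toy signature + behaviour monitor that runs in IDS (alert only) or IPS (inline drop) mode.

Added example; the rules and traffic below are constructed, not a real rule set.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Content signatures for known attack patterns (constructed for this example).
SIGNATURES = [
    ("sqli-union-select", re.compile(rb"union\s+select", re.I)),
    ("path-traversal", re.compile(rb"\.\./\.\./")),
    ("shellshock-cgi", re.compile(rb"\(\)\s*\{\s*:;\s*\};")),
]

# Generic-behaviour rule: more than RATE_LIMIT requests from one source during
# the run is treated as anomalous. This stands in for the "generic attack
# behaviours" that let an IPS flag traffic no specific signature describes.
RATE_LIMIT = 5  # assumed threshold for the example


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes


@dataclass
class Engine:
    mode: str                       # "ids" (observe) or "ips" (inline)
    alerts: list = field(default_factory=list)
    forwarded: list = field(default_factory=list)
    seen: Counter = field(default_factory=Counter)

    def inspect(self, pkt: Packet) -> list:
        """Return the names of every rule this packet matches (detection is mode-independent)."""
        hits = [name for name, rx in SIGNATURES if rx.search(pkt.payload)]
        self.seen[pkt.src] += 1
        if self.seen[pkt.src] > RATE_LIMIT:
            hits.append("rate-anomaly")
        return hits

    def process(self, pkt: Packet) -> str:
        """Apply the mode's action: IDS always forwards and alerts; IPS drops on any hit."""
        hits = self.inspect(pkt)
        for name in hits:
            self.alerts.append((name, pkt.src, pkt.dst))
        if hits and self.mode == "ips":
            return "drop"           # never reaches self.forwarded, i.e. never enters the network
        self.forwarded.append(pkt)
        return "forward"


def run(mode: str, packets: list):
    """Run every packet through a fresh engine; return the engine and the per-packet actions."""
    engine = Engine(mode)
    actions = [engine.process(p) for p in packets]
    return engine, actions


# Constructed sample traffic: two benign requests, three known-bad payloads,
# and six repeated requests from one source to trip the behaviour rule.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.10", b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.6", "10.0.0.10", b"GET /search?q=1' UNION SELECT user,pass FROM users-- HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.10", b"GET /../../etc/passwd HTTP/1.1"),
    Packet("10.0.0.8", "10.0.0.10", b"GET /cgi-bin/test.cgi HTTP/1.1\r\nUser-Agent: () { :; }; /bin/bash -c 'id'"),
    Packet("10.0.0.4", "10.0.0.10", b"GET /about HTTP/1.1"),
] + [Packet("10.0.0.9", "10.0.0.10", b"GET /login HTTP/1.1")] * 6


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        engine, actions = run(mode, SAMPLE)
        print(f"{mode.upper()}: {len(engine.alerts)} alerts, "
              f"{actions.count('drop')} dropped, {len(engine.forwarded)} forwarded")
        for name, src, dst in engine.alerts:
            print(f"  alert {name} {src} -> {dst}")
```

Both runs produce the same four alerts, because detection is identical; only the IDS run forwards all eleven packets, while the IPS run drops the three signature matches and the sixth request from 10.0.0.9. Note that the rate rule fires on a benign-looking request: in IDS mode that is just an alert to review, but in IPS mode it blocks traffic, which is exactly why inline rules need more careful tuning.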
