https://mostafa-ashour.github.io/tags/ids/Recent content in IDS on Ashour BlogHugoen-us<a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0</a>Fri, 17 Apr 2026 14:33:33 +0200https://mostafa-ashour.github.io/posts/working-with-ids-ips/Fri, 17 Apr 2026 14:33:33 +0200https://mostafa-ashour.github.io/posts/working-with-ids-ips/<h1 id="introduction-to-idsips">Introduction To IDS/IPS</h1> <ul> <li> <p><em><strong>Network security monitoring (NSM)</strong></em> relies on <code>Intrusion Detection Systems (IDS)</code> and <code>Intrusion Prevention Systems (IPS)</code> to:</p> <ul> <li>Identify potential Threats.</li> <li>Mitigate their impact.</li> </ul> </li> <li> <p>An <code>Intrusion Detection System (IDS)</code>:</p> <ul> <li>Monitors network or system activity for malicious behavior and policy violations.</li> <li>Reporting to a management station to provide network visibility.</li> </ul> </li> <li> <p>While an <code>IDS</code> alerts to intrusions, it does not prevent them.</p> </li> <li> <p>The IDS operates in two main modes:</p> <ul> <li>Signature-Based Detection.</li> <li>Anomaly-Based Detection.</li> </ul> </li> <li> <p>In <code>signature-based detection</code>:</p>