notes/areas/OPNsense/Initial-Notes/OPNsense_IDS-and-IPS.md
2025-03-18 14:23:17 +01:00

Introduction

An Intrusion Detection System (IDS) watches network traffic for suspicious patterns and can alert operators when a pattern matches a database of known behaviors. An Intrusion Prevention System (IPS) goes a step further by inspecting each packet as it traverses a network interface to determine whether the packet is suspicious in some way. If the packet matches a known pattern, the system can drop it in an attempt to mitigate a threat.