DNS (Domain Name System)

RDP (Remote Desktop Protocol)

SSH (Secure Shell)

HTTPS (Hypertext Transfer Protocol Secure)

Signature-based detection

Anomaly-based detection

Policy-based detection

Protocol-based detection

Basic packet filtering and port-based blocking only

. Intrusion Prevention Systems deep packet inspection, and application awareness

Hardware-level physical locks and biometric authentication

Circuit-level session validation without inspecting data content

It must terminate connections and perform deep-layer packet inspection on the content

It requires the host to constantly update its checksum database

It lacks the hardware to handle basic packet filtering

It only operates at layer 3 of the OSI model

'Drop' silently discards the packet, while 'Reject' sends an error message back to the source

'Drop' allows the packet but logs it, while 'Reject' prevents the transmission

'Drop' is used for outbound traffic, while 'Reject' is strictly for inbound traffic

'Drop' requires manual approval from an admin, while 'Reject' is automated

By strictly enforcing decryption on the local machine

By initializing and scanning objects to create a checksum database

By blocking all incoming packets at the network interface card

By acting as a man-in-the-middle proxy for all web traffic

. IDS monitors host devices, while IPS only monitors network traffic.

IDS is positioned inline, while IPS is positioned out-of-band.

IDS Uses anomaly-based detection, while IPS only uses signature-based detection

IDS is passive and alerts administrators, while IPS is active and blocks threats in real-time

Application-level proxy

Static access control list

State table

Checksum database