TMS zl Management and Configuration Guide ST.1.1.100226

6-13

Intrusion Detection and Prevention

Threat Detection and Prevention

In monitor mode, the TMS zl Module can provide Intrusion Detection System

(IDS) functionality. An IDS detects intrusions but does not take action to stop

or prevent them. An IDS is offline, and its only role is to detect threats and log

them, as shown in Figure 6-1. In routing mode, the TMS zl Module can provide

Intrusion Prevention System (IPS) functionality, which detects threats in

much the same way the IDS does, but goes further to take action to mitigate

threats. IPS functionality is available on the TMS zl Module in routing mode

only.

Monitor Mode

Figure 6-1. The TMS zl Module in Monitor Mode Logs Attacks

Figure 6-2 shows the packet flow when the TMS zl Module is in monitor mode.