What is the difference between passive and active intrusion detection? I know that the passive intrusion detection will detect and record intrusion attempts, but it does not take action. The active intrusion detection will detect the attacks and send an alert to the network administrator or take action to block the attack. With that said, why would anyone waste their money on even getting the passive intrusion detection if it only records the attacks and takes no action? I really don't understand. What are the pros and cons of passive and active intrusion detection? What are decoys and how are they used in a network?
Passive Vs Active Defense
An Intrusion Detection System (IDS) detects an intrusion attempt. A variety of responses can then be mounted, and they are divided into two categories.
1) Active Intrusion Detection System: This will mount an automatic response to the threat. The response can include everything from collecting information regarding the nature of the attack and attacker to blocking the source address, closing connections or restarting a server or ...
The solution discusses passive and active intrusion detection.
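The two response categories described above, as an added example that is not part of the original question or solution: a small failed-login detector run over constructed events, where passive mode only records alerts and active mode also blocks the source address. The event format, threshold, window and the function name `run_ids` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (timestamp_seconds, source_ip, login_outcome)
EVENTS = [
    (0, "203.0.113.7", "fail"),
    (2, "203.0.113.7", "fail"),
    (3, "198.51.100.4", "ok"),
    (4, "203.0.113.7", "fail"),
    (5, "203.0.113.7", "fail"),
    (6, "203.0.113.7", "fail"),
    (9, "198.51.100.4", "fail"),
]

THRESHOLD = 3  # assumed: failures from one source that count as an intrusion attempt
WINDOW = 10    # assumed: sliding window in seconds


def run_ids(events, mode):
    """Return (alerts, blocked_sources, dropped_events) for the given mode.

    mode="passive": detect and record only.
    mode="active":  detect, record, and block the source address.
    """
    recent = defaultdict(list)  # source -> timestamps of failures inside WINDOW
    alerts, blocked, dropped = [], set(), []
    for ts, src, outcome in events:
        if src in blocked:
            # Active response already in force: traffic from this source is refused.
            dropped.append((ts, src))
            continue
        if outcome != "fail":
            continue
        recent[src] = [t for t in recent[src] if ts - t < WINDOW] + [ts]
        if len(recent[src]) >= THRESHOLD:
            alerts.append((ts, src, len(recent[src])))  # both modes keep a record
            if mode == "active":
                blocked.add(src)  # automatic response: block the source address
    return alerts, blocked, dropped


if __name__ == "__main__":
    for mode in ("passive", "active"):
        alerts, blocked, dropped = run_ids(EVENTS, mode)
        print(mode, "alerts:", alerts, "blocked:", sorted(blocked), "dropped:", dropped)
```

In passive mode every event past the threshold is recorded and nothing is blocked; in active mode the first alert triggers the block and the later events from that source are refused.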