2.2.2. Security and Storage Appliances
IDS (Intrusion Detection System): Monitors traffic and alerts on suspicious activity. Passive—doesn't block traffic, just detects and notifies. Sits out-of-band (receives copies of traffic).
IPS (Intrusion Prevention System): Monitors traffic and actively blocks threats. Inline—traffic flows through it, allowing it to drop malicious packets. The "P" means it takes action.
⚠️ Exam Trap: IDS detects and alerts; IPS detects and prevents. If a question asks about "mitigating" or "preventing" attacks inline, IPS is correct. If it asks about "detecting" or "alerting" without blocking, IDS is correct.
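The IDS/IPS difference above, as an added example that is not part of the original study guide: the same signature engine is run over constructed traffic once out-of-band and once inline. The signatures, payloads and the `run_sensor` helper are assumptions made for illustration; packet 3 is a benign request that an overly broad signature matches, which goes slightly beyond the text to show that a false positive costs only an alert on an IDS but drops legitimate traffic on an IPS.

```python
import re
from dataclasses import dataclass

# Constructed signatures (illustrative assumptions, not real rule IDs).
SIGNATURES = {
    "sqli-union": re.compile(rb"union\s+select", re.I),
    "path-traversal": re.compile(rb"\.\./"),  # deliberately too broad
}

@dataclass
class Verdict:
    delivered: list  # packet ids that reached the destination
    alerts: list     # (packet id, signature name) pairs raised by the sensor

def inspect(payload):
    """Return the names of all signatures that match the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

def run_sensor(packets, mode):
    """mode='ids': sensor sees a copy of the traffic, every packet is delivered.
    mode='ips': sensor is inline, packets that match a signature are dropped."""
    if mode not in ("ids", "ips"):
        raise ValueError(f"unknown mode: {mode}")
    delivered, alerts = [], []
    for pid, payload in packets:
        hits = inspect(payload)
        alerts.extend((pid, h) for h in hits)  # both modes detect and alert
        if mode == "ips" and hits:
            continue                           # only the inline device can drop
        delivered.append(pid)
    return Verdict(delivered, alerts)

# Constructed sample traffic: (packet id, payload).
PACKETS = [
    (1, b"GET /index.html"),
    (2, b"GET /item?id=1 UNION SELECT password FROM users"),
    (3, b"GET /static/../css/site.css"),  # benign, but matches path-traversal
    (4, b"GET /about"),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        v = run_sensor(PACKETS, mode)
        print(mode.upper(), "delivered:", v.delivered, "alerts:", v.alerts)
```

In both modes the alert list is identical; only the delivered list changes, which is the distinction the exam questions turn on.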
Proxy: Intermediary that makes requests on behalf of clients. Can cache content (improving performance), filter URLs (blocking categories), and hide client IPs (privacy). Forward proxy serves internal clients accessing external resources. Reverse proxy serves external clients accessing internal resources (often for load balancing or security).
NAS vs. SAN:
| Feature | NAS | SAN |
|---|---|---|
| Access Type | File-level (shared folders) | Block-level (raw disk) |
| Protocol | SMB/CIFS, NFS | Fibre Channel, iSCSI |
| Appears As | Network share | Local disk |
| Best For | File sharing, home directories | Databases, virtual machines |