There are also disadvantages to working with an IDS.

  • False positives occur when the IDS thinks that legitimate traffic is actually an attack. This could result in denial of legitimate traffic passing through your network or the desensitization of human operators to alarms.
  • False negatives occur when the IDS doesn't recognize a new type of attack. The IDS reports back to the users that the network is fine, but it is actually under attack.
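
The two failure modes above, shown with a toy signature matcher run over labelled request lines. This is an added example, not part of the original text; the signature set, request lines and function names are constructed for illustration and do not come from Cisco Secure IDS or any other product.

```python
import re
from collections import Counter

# Constructed signature set (illustrative, not taken from any real IDS).
SIGNATURES = {
    "passwd-file-access": re.compile(r"/etc/passwd"),
    "sql-union-select": re.compile(r"union\s+select", re.IGNORECASE),
}

# Constructed sample events: (request line, True if it really is an attack).
EVENTS = [
    ("GET /index.html", False),
    ("GET /view?file=../../etc/passwd", True),
    ("GET /items?id=1 UNION SELECT name FROM users", True),
    # Legitimate documentation search that happens to contain a signature string.
    ("GET /kb/search?q=format+of+/etc/passwd+fields", False),
    # Attack of a type for which no signature has been written yet.
    ("POST /login user=admin'--", True),
    ("GET /images/logo.png", False),
]

def matched_signatures(request):
    """Return the names of all signatures that fire on this request line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

def classify(request, is_attack):
    """Compare the IDS verdict (alert or no alert) with the ground truth."""
    alerted = bool(matched_signatures(request))
    if alerted:
        return "true_positive" if is_attack else "false_positive"
    return "false_negative" if is_attack else "true_negative"

def evaluate(events):
    """Count each outcome over a list of labelled events."""
    return Counter(classify(req, truth) for req, truth in events)

def alert_precision(counts):
    """Share of raised alarms that were real attacks (low values desensitize operators)."""
    alerts = counts["true_positive"] + counts["false_positive"]
    return counts["true_positive"] / alerts if alerts else 0.0

if __name__ == "__main__":
    counts = evaluate(EVENTS)
    for outcome in ("true_positive", "false_positive", "false_negative", "true_negative"):
        print(f"{outcome:15} {counts[outcome]}")
    print(f"share of alerts that were real attacks: {alert_precision(counts):.2f}")
```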

While some IDSs cannot stop an attack in progress and can only report on it, the Cisco Secure IDS can stop an attack in progress.