What is the difference between an Intrusion Detection System and an Intrusion Protection System?

What will be an ideal response?

ANSWER: An IDS (intrusion detection system) is a stand-alone device, an application, or a built-in feature running on a workstation, server, switch, router, or firewall. It monitors network traffic, generating alerts about suspicious activity. Whereas a router's ACL or a firewall acts like a bouncer at a private club who checks everyone's ID and ensures that only club members enter through the door, an IDS is generally installed to provide security monitoring inside the network, similar to security personnel sitting in a private room monitoring closed-circuit cameras in the club and alerting other security personnel when they see suspicious activity. Although an IDS can only detect and log suspicious activity, an IPS (intrusion prevention system) stands in-line between the attacker and the targeted network or host, and can prevent traffic from reaching that network or host. If an IDS is similar to security personnel using closed-circuit cameras to monitor a private club, an IPS would be similar to security personnel walking around in the club available to escort unruly patrons to the exit door. IPSes were originally designed as a more comprehensive traffic analysis and protection tool than firewalls.