Intrusion Detection (IDS/IPS)

A security feature on your router that watches for known attack patterns in network traffic

What is intrusion detection?

Intrusion detection is a security feature built into many modern routers and firewalls that watches your network traffic for signs of known attacks. An IDS (Intrusion Detection System) acts like a security camera: it spots suspicious activity and alerts you. An IPS (Intrusion Prevention System) goes a step further and acts like a security guard: it spots the suspicious activity and blocks it on the spot.

Think of it like a smoke detector versus a sprinkler system. A smoke detector (IDS) warns you that something is wrong so you can act. A sprinkler system (IPS) detects the fire and puts it out automatically. Both are better than having nothing at all.

Why it matters

Your router's firewall blocks uninvited traffic from the internet, but it does not inspect the content of traffic it does allow through. An attacker can exploit vulnerabilities in software you use, send malicious payloads hidden inside normal-looking connections, or try to scan your network for weak points. Without IDS or IPS, these activities go unnoticed.

Many consumer routers have no intrusion detection at all. Prosumer and business routers from vendors like UniFi, Meraki, Fortinet, and MikroTik often include IDS/IPS capabilities, but they may be turned off by default. Enabling IPS on a capable router adds a meaningful layer of defense with minimal performance impact on modern hardware.

What you can do

  • Check your router's security or firewall settings for an IDS or IPS toggle and enable it
  • If your router offers both IDS and IPS modes, choose IPS so threats are blocked automatically rather than just logged
  • Review the IDS/IPS alert log periodically to understand what threats are being detected on your network
  • Keep your router firmware updated so the threat signature database stays current
  • If enabling IPS causes noticeable slowdowns on an older router, IDS mode is a reasonable compromise since it still gives you visibility
  • On UniFi, enable Threat Management in the Network settings and set it to IPS mode; on Meraki, look for the Security & SD-WAN appliance settings
  • If your router does not support IDS or IPS at all, consider upgrading to one that does, especially for a business network
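One way to do the periodic alert-log review from the list above, as an added example that is not part of the original page. It assumes the router can export alerts in Suricata's EVE JSON format (the page names no log format); the sample lines, addresses and signature names are constructed.

```python
import json
from collections import Counter

# Constructed sample lines in Suricata's EVE JSON format (assumed log format;
# addresses come from documentation ranges, signature names are made up).
SAMPLE_LOG = """\
{"timestamp":"2024-05-01T10:00:01+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.168.1.20","alert":{"action":"blocked","signature":"EXAMPLE Inbound port scan","severity":2}}
{"timestamp":"2024-05-01T10:00:05+0000","event_type":"dns","src_ip":"192.168.1.20","dest_ip":"192.168.1.1"}
{"timestamp":"2024-05-01T10:02:11+0000","event_type":"alert","src_ip":"192.168.1.35","dest_ip":"198.51.100.9","alert":{"action":"allowed","signature":"EXAMPLE Malware check-in","severity":1}}
{"timestamp":"2024-05-01T10:03:40+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.168.1.20","alert":{"action":"blocked","signature":"EXAMPLE Inbound port scan","severity":2}}
not json: truncated line
"""

def summarize_alerts(log_text):
    """Count alerts per (signature, action) and list unblocked top-severity hits."""
    counts = Counter()
    unblocked = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue  # flow, dns and other records are not detections
        alert = event.get("alert", {})
        action = alert.get("action", "unknown")
        counts[(alert.get("signature", "unknown"), action)] += 1
        # Severity 1 is the most serious in Suricata; "allowed" means the
        # traffic was detected but not stopped (IDS behaviour).
        if action != "blocked" and alert.get("severity", 3) == 1:
            unblocked.append(
                (event.get("src_ip"), event.get("dest_ip"), alert.get("signature"))
            )
    return counts, unblocked

if __name__ == "__main__":
    counts, unblocked = summarize_alerts(SAMPLE_LOG)
    for (signature, action), n in counts.most_common():
        print(f"{n:3d}  {action:8s} {signature}")
    for src, dst, signature in unblocked:
        print(f"NOT BLOCKED: {signature} ({src} -> {dst})")
```

Alerts that show up as allowed are the ones IDS mode only logs; a recurring top-severity entry in that list is the case where switching to IPS mode changes the outcome.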

What Network Weather shows you

Network Weather checks whether your router has intrusion detection or prevention enabled. IPS (which blocks threats automatically) is preferred over IDS (which only logs them), and both are far better than having no monitoring at all.

  • Protected: IPS enabled (detect and block)
  • Monitoring: IDS only (detect but not block)
  • Unprotected: Disabled
