Which system is designed to detect intrusions rather than actively prevent them?

The system designed specifically to detect intrusions rather than actively prevent them is an Intrusion Detection System (IDS). The primary purpose of an IDS is to monitor network traffic and system activities for any signs of unauthorized access or irregular behavior. It analyzes the data and generates alerts when suspicious activity is detected, allowing administrators to respond accordingly. However, unlike an Intrusion Prevention System (IPS), an IDS does not take direct action to block or mitigate the detected threats; its role is purely to detect and log incidents for further investigation.

In contrast, systems like firewalls and IPS actively work to prevent unauthorized access by filtering traffic based on predetermined security rules. Content filters focus on blocking specific types of content from being accessed, rather than monitoring for intrusions. Thus, the IDS's role as a detection mechanism clearly establishes it as the appropriate choice for this question.