Firewall, IDS, and IPS


The three devices commonly used to provide security are the firewall, the IDS, and the IPS.





Firewall





A firewall is a network security system that actively monitors and regulates the inbound and outbound network traffic based on a predefined security ruleset. A firewall typically acts a barrier between a trusted, secure internal network and an outside network, such as the Internet, which may not be secured enough. A firewall helps screen out malicious users, viruses, and worms that try to access your network from the Internet.





Some firewalls are simply software that runs on your computer, while other firewalls are sets of complete hardware devices and appliances. Firewalls can operate on individual hosts but are widely implemented on the network level. Firewalls are often used to create a Demilitarized Zone (DMZ), a physical or logical subsection of a network that separates the internal private LAN from the external untrusted network like the Internet. The resources that need to be accessed externally over the Internet, such as a web server hosting a website, are kept in the DMZ. The remaining resources, like the database server and backup servers are all kept in an internal private LAN and are not directly accessible over the Internet. Because the resources in a DMZ are directly accessible to the public, they need to be hardened for security. Firewalls also offer a feature known as stateful inspection , which monitors and keeps track of all the network connections and ensures that all inbound packets are the result of an outbound request. This feature was primarily designed to prevent harmful packets from entering the network and also defend against common information-gathering techniques like port scanning.





Intrusion Detection System





Unlike a typical firewall, which functions on predefined rules, an intrusion detection system is more intelligent in the way it detects various attacks. While a firewall may just check and restrict access to a particular system (based on IP address and port), the IDS would go an extra mile to check whether the traffic contains any malicious code, which might lead to an attack. Just as an anti-virus program has a signature database of known viruses, an IDS has a signature database for known and common attacks. It checks all packets traversing the network and tries to match them against its signature database. If a match is found, it raises an alert about the attack so that the network/system administrator can take appropriate steps to prevent it.





Intrusion Prevention System





An intrusion prevention system does all the jobs that an IDS does, but it also stops the attack (by dropping packets) whenever it encounters malicious traffic in network packets. This ensures an automated response to an attack and reduces manual intervention.


Write a comment