CIS608 - Week8 - IDS Vs IPS Vs Firewall

Intrusion Detection System (IDS) vs Intrusion Prevention System (IPS) vs Firewall


IDS, IPS, and firewalls all provide security to a network and are described as principal components of a network, especially a data center network.
  • Firewall
A firewall is a network security device that filters incoming and outgoing network traffic based on predetermined security rules. Its core function is filtering traffic by IP address and port number. It is configured in Layer 3 (routed) mode or transparent mode and is placed inline at the perimeter of the network. A firewall does not analyze traffic patterns; it blocks the traffic that its rules identify as unauthorized.
In brief, a firewall is a device or application that analyzes packet headers and enforces policy based on protocol type, source address, destination address, source port, and/or destination port. Packets that do not match policy are rejected.
  • Intrusion Detection System (IDS)
An IDS is a software application or device that monitors traffic for policy violations or malicious activity and sends out an alert on detection. Its working principle is to examine real-time traffic, look for traffic patterns or attack signatures, and generate alerts when they are found. It is configured as an end host for monitoring and detection and operates at Layer 7. It is placed out of band (non-inline), fed through a SPAN port, after the firewall. Traffic patterns are analyzed, and the IDS creates alerts/alarms when it detects an anomaly. In technical terms, an IDS is a device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated detailing the event.
  • Intrusion Prevention System (IPS)
An IPS is a device that inspects, detects and classifies traffic and then actively prevents malicious traffic from attacking the network.
The fundamental working principle of an IPS is inspecting real-time traffic, looking for attack signatures or traffic patterns, and preventing the attack on detection. An IPS is configured inline, generally at Layer 7, and is usually placed inline after the firewall. Traffic patterns are analyzed, and the IPS stops the traffic once it detects abnormal traffic on the network. In general terms, it is a device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected, the packet is rejected.
Not having an IPS results in attacks going unnoticed. A firewall filters, blocks and allows addresses, ports and services, but it also lets some of this traffic through the network. The access it allows is simply let through: a firewall has no way of telling whether that traffic is legitimate and normal. This is where IPS and IDS come into play.
So even though firewalls block and allow traffic, IDS/IPS examine the allowed traffic in close detail to see whether it is an attack. IDS/IPS systems are made up of sensors, analyzers and GUIs to do this specialized job.
An IPS is used to prevent intrusions: it can detect as well as prevent or block suspicious traffic.
An IDS can only detect suspicious traffic, which means we have to stay alert and monitor the events; IDS output can also be used for forensics.
Firewall basics: firewalls accept or drop packets based on predefined policies using IP address, port number, and protocol. A firewall cannot inspect traffic content.
Note: threat-prevention and next-generation firewalls now exist and can also work at Layer 7.
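As an added example (not from the original post or the linked resource), the following Python models the three stages described above on constructed packets: a header-only firewall, a SPAN-fed IDS that can only log, and an inline IPS that rejects on a match. All addresses, policy entries and signature bytes are constructed placeholders, not real rules.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes = b""


# Firewall policy (constructed): header fields only, default deny.
# Entries are (protocol, source, destination, destination port); "any" is a wildcard.
FIREWALL_ALLOW = [("tcp", "any", "10.0.0.5", 80), ("tcp", "any", "10.0.0.5", 443)]

# Signature table (constructed, hypothetical IDs and byte patterns, not real rules).
SIGNATURES = {"SIG-1001": b"CONSTRUCTED-BAD-PATTERN"}


def firewall(pkt: Packet) -> str:
    """Layer 3/4 check: protocol, addresses and ports. The payload is never read."""
    for proto, src, dst, dport in FIREWALL_ALLOW:
        if (pkt.proto, pkt.dst, pkt.dport) == (proto, dst, dport) and src in ("any", pkt.src):
            return "accept"
    return "drop"


def inspect(pkt: Packet) -> list:
    """Layer 7 check shared by IDS and IPS: whole packet, header and payload."""
    return [sid for sid, pat in SIGNATURES.items() if pat in pkt.payload]


def ids(pkt: Packet, log: list) -> str:
    """Out-of-band sensor on a SPAN copy: logs an alert but cannot block the packet."""
    for sid in inspect(pkt):
        log.append(f"ALERT {sid} {pkt.src}:{pkt.sport}->{pkt.dst}:{pkt.dport}")
    return "accept"


def ips(pkt: Packet, log: list) -> str:
    """Inline sensor: on a signature match the packet itself is rejected."""
    hits = inspect(pkt)
    if hits:
        log.append(f"DROP {','.join(hits)} {pkt.src}:{pkt.sport}->{pkt.dst}:{pkt.dport}")
        return "drop"
    return "accept"


def run_chain(pkt: Packet, log: list) -> dict:
    """Firewall at the perimeter first; IDS and IPS only see what the firewall lets through."""
    if firewall(pkt) == "drop":
        return {"firewall": "drop", "ids": "not reached", "ips": "not reached"}
    return {"firewall": "accept", "ids": ids(pkt, log), "ips": ips(pkt, log)}
```

Running `run_chain` over a packet to an allowed port with a matching payload shows the point of the post: the firewall accepts it, the IDS only writes an alert, and the IPS is the stage that actually drops it.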

Resources:

http://www.internet-computer-security.com/Firewall/IPS.html
