| IDS (Intrusion Detection Systems) |
|
The differences between firewalls and an IDS have become less evident over the past few years. Traditionally, the difference was that an IDS could "understand" the contents of packet headers, such as flags and options, rather than just looking at IP addresses and ports. Firewalls have become smarter though, and application layer filtering firewalls can perform the same sort of deep inspection as an IDS. With add-on products, these firewalls perform even more efficiently in the IDS role. Technically speaking, an IDS performs the same function for your network that a security alarm system performs for your home or office building. That is, it monitors for intrusions and lets someone know when one occurs, but doesn't really do anything to prevent the intruder from entering. You probably wouldn't consider implementing an alarm system on a building without also coupling it with preventative measures such as strong locks and perhaps security guards. Likewise, an IDS needs to be combined with mechanisms to prevent intrusions as well as detect intrusion attempts. That's why most products today that are called IDS are really a combination IDS/IPS. Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. |