Solved

IDS VS Firewall

Posted on 2003-11-23
3
964 Views
Last Modified: 2013-11-16

A simple question:

Can I use IDS to replace Firewall? What's your opinion?

Andrew
0
Question by:sonylwc
3 Comments
 
LVL 13

Expert Comment

by:td_miles
Ummm, not really. IDS (Intrusion Detection System) is only to alert you that someone is trying to do something bad; it often won't do anything to prevent the bad thing from happening. Some IDS can be set up to carry out certain automated tasks upon detecting a certain type of attack, but again, you need something to protect the network; this is what the firewall does.
0
 
LVL 4

Expert Comment

by:ferg-o

You should have both really. You can have boxes which do both in one unit - we sell the Symantec Gateway Security box at the top end which is a hardened linux box running Raptor/SEF and has some of Manhunt's network IDS features. It also has AV which is critical at the perimeter.

On the cheaper side we also sell the Fortigate appliances from Fortinet which do all of the above - but on the chipset as opposed to on top of Linux. Therefore they are relatively quick but do not have some of the advanced features and are a packet filter as opposed to application proxy.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
Ditto. Absolutely insane to replace a firewall with IDS.
A firewall, by definition, automatically blocks all packets except those that you specifically configure to allow in, and typically uses stateful packet inspection that can go much further up the OSI layers (into layer 7) for "permission to come aboard".
An IDS only listens passively to the network and sends an alert IF it sees something that it is programmed to alert on, typically based on known 'signatures'. This won't protect against unknown (or day-zero) outbreaks because the signature has not been captured and the IDS programmed to look for that new signature.

It's like putting a nice big strong lock on your home's door, then adding a motion-detector sensor and alarm on the inside of your house. If someone does perchance get through the door, you want to know it. Would you leave your door wide open just because you have a motion sensor turned on? Probably not.
Can you do without the motion sensor if you remember to keep the door closed and locked? Perhaps.
It's all relative to the value of what is behind the lock.


0
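The contrast lrmoore draws, a default-deny firewall that drops everything not explicitly allowed versus a passive IDS that only alerts on traffic matching a known signature, can be made concrete with a small simulation. The code below is an added example written for this page; it is not from the thread or from any product mentioned in it. The `Firewall`, `Ids` and `simulate` names, the allow rules, the signature strings and the four sample packets are all constructed for illustration (the firewall is a stateless toy, not the stateful layer-7 inspection a real product does). The interesting cases are the last two packets: a novel payload with no signature sails past the IDS unalerted, but the firewall still drops it on a port that was never opened, while the same payload on an allowed port reaches the host with neither control reacting, which is why the thread's answer is "you want both".

```python
"""Toy default-deny firewall beside a toy signature-only IDS.

Added example for this page; names, rules, signatures and packets are
constructed, not taken from the thread or from any real product.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str
    payload: bytes = b""


@dataclass
class Firewall:
    """Default deny: only (proto, port) pairs listed in allow_rules get in."""
    allow_rules: list                      # e.g. [("tcp", 80)]
    seen: set = field(default_factory=set)  # (src, port) pairs that were allowed

    def decide(self, pkt: Packet) -> str:
        if (pkt.proto, pkt.dst_port) in self.allow_rules:
            self.seen.add((pkt.src, pkt.dst_port))
            return "ALLOW"
        # Known or unknown, anything not explicitly allowed is dropped.
        return "DROP"


class Ids:
    """Passive signature matcher: records alerts, never blocks anything."""

    def __init__(self, signatures: dict):
        self.signatures = signatures
        self.alerts = []

    def inspect(self, pkt: Packet) -> list:
        hits = [name for name, pat in self.signatures.items() if pat in pkt.payload]
        for name in hits:
            self.alerts.append((name, pkt.src, pkt.dst_port))
        return hits  # empty list == silence, which is NOT the same as "safe"


def simulate(packets, allow_rules, signatures):
    """Run every packet through both controls; return one record per packet."""
    fw = Firewall(list(allow_rules))
    ids = Ids(dict(signatures))
    results = []
    for pkt in packets:
        results.append({
            "src": pkt.src,
            "port": pkt.dst_port,
            "firewall": fw.decide(pkt),
            "ids_alerts": ids.inspect(pkt),
        })
    return results


# Constructed signature database: the IDS knows only these two patterns.
SIGNATURES = {
    "known_traversal": b"../../",
    "known_probe": b"KNOWN-PROBE-STRING",
}

# Constructed traffic (documentation-range addresses, made-up payloads).
SAMPLE_PACKETS = [
    Packet("198.51.100.7", 80, "tcp", b"GET /index.html HTTP/1.0"),        # benign, allowed port
    Packet("198.51.100.7", 23, "tcp", b"KNOWN-PROBE-STRING"),              # known bad, closed port
    Packet("203.0.113.9", 80, "tcp", b"GET /cgi-bin/x?id=NOVEL-PAYLOAD"),  # novel, allowed port
    Packet("203.0.113.9", 1433, "tcp", b"NOVEL-PAYLOAD"),                  # novel, closed port
]

if __name__ == "__main__":
    for rec in simulate(SAMPLE_PACKETS, [("tcp", 80)], SIGNATURES):
        print(rec)
```

Reading the output row by row: packet 2 is both dropped and alerted on, packet 4 is dropped with no alert (the firewall covered what the IDS could not see), and packet 3 is allowed with no alert, the gap that neither a firewall nor a signature IDS closes on its own and that the thread's door-and-motion-sensor analogy is really about.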
