Solved

IDS VS Firewall

Posted on 2003-11-23
3
971 Views
Last Modified: 2013-11-16

A simple question:

Can I use IDS to replace Firewall? What's your opinion?

Andrew
0
Question by:sonylwc
3 Comments
 
LVL 13

Expert Comment

by:td_miles
ID: 9808167
Ummm, not really. IDS (Intrusion Detection System) is only to alert you that someone is trying to do something bad, it often won't do anything to prevent the bad thing from happening. Some IDS can be set up to carry out certain automated tasks upon detecting a certain type of attack, but again, you need something to protect the network, this is what the firewall does.
0
 
LVL 4

Expert Comment

by:ferg-o
ID: 9808864

You should have both really. You can have boxes which do both in one unit - we sell the Symantec Gateway Security box at the top end which is a hardened Linux box running Raptor/SEF and has some of Manhunt's network IDS features. It also has AV, which is critical at the perimeter.

On the cheaper side we also sell the Fortigate appliances from Fortinet which do all of the above - but on the chipset as opposed to on top of Linux. Therefore they are relatively quick but do not have some of the advanced features and are a packet filter as opposed to application proxy.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 9820143
Ditto. Absolutely insane to replace a firewall with IDS.
A firewall, by definition, automatically blocks all packets except those that you specifically configure to allow in, and typically uses stateful packet inspection that can go much further up the OSI layers (into layer 7) for "permission to come aboard".
An IDS only listens passively to the network and sends an alert IF it sees something that it is programmed to alert on, typically based on known 'signatures'. This won't protect against unknown (or day-zero) outbreaks because the signature has not been captured and the IDS programmed to look for that new signature.

It's like putting a nice big strong lock on your home's door, then adding a motion-detector sensor and alarm on the inside of your house. If someone does perchance get through the door, you want to know it. Would you leave your door wide open just because you have a motion sensor turned on? Probably not.
Can you do without the motion sensor if you remember to keep the door closed and locked? Perhaps.
It's all relative to the value of what is behind the lock.

0
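To make the distinction in the accepted answer concrete, here is an added toy model (not code from the thread or from any product mentioned in it): a default-deny packet filter and a passive signature-matching IDS run side by side over constructed traffic. The allow rules, signatures, addresses and payloads are all made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    payload: bytes

# Firewall policy: only packets matching an explicit allow rule pass;
# everything else is dropped. Constructed rules: web, plus SSH from one admin host.
ALLOW_RULES = [
    {"dport": 80},
    {"dport": 443},
    {"dport": 22, "src": "10.0.0.5"},
]

# IDS signatures: byte patterns the sensor has been taught to recognise.
# Constructed examples; a real sensor carries a far longer list.
SIGNATURES = {
    "dir-traversal": b"../..",
    "shell-probe": b"/bin/sh",
}

def firewall_decision(pkt: Packet) -> str:
    """Default deny: PASS only if some allow rule matches every field it names."""
    for rule in ALLOW_RULES:
        if all(getattr(pkt, field) == value for field, value in rule.items()):
            return "PASS"
    return "DROP"

def ids_alerts(pkt: Packet) -> list[str]:
    """Passive: never blocks, only reports which known signatures appear in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in pkt.payload]

def evaluate(traffic: list[Packet]) -> list[tuple[str, list[str]]]:
    """Return (firewall decision, IDS alerts) for each packet so the two can be compared."""
    return [(firewall_decision(p), ids_alerts(p)) for p in traffic]

# Constructed traffic: a normal web request, a web request carrying a known
# signature, a probe of an unexposed port with a never-seen payload, admin SSH.
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", 80, b"GET /index.html"),
    Packet("198.51.100.7", 80, b"GET /../../private.txt"),
    Packet("198.51.100.9", 3389, b"\x03\x00\x00\x13\xe0\x00"),  # no signature for this
    Packet("10.0.0.5", 22, b"SSH-2.0-OpenSSH"),
]

if __name__ == "__main__":
    for pkt, (fw, alerts) in zip(SAMPLE_TRAFFIC, evaluate(SAMPLE_TRAFFIC)):
        print(f"{pkt.src:>14}:{pkt.dport:<5} firewall={fw:<4} ids={alerts or 'silent'}")
```

The third packet shows the answer's point: the IDS stays silent because it has no signature for that payload, while the firewall drops it anyway because nothing allowed port 3389; the second packet shows the reverse, where the firewall passes permitted web traffic and only the IDS notices the known pattern inside it.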
