Solved

IDS VS Firewall

Posted on 2003-11-23
3
968 Views
Last Modified: 2013-11-16

A simple question:

Can I use IDS to replace Firewall? What's your opinion?

Andrew
0
Question by:sonylwc
3 Comments
 
LVL 13

Expert Comment

by:td_miles
ID: 9808167
Ummm, not really. IDS (Intrusion Detection System) is only to alert you that someone is trying to do something bad; it often won't do anything to prevent the bad thing from happening. Some IDS can be set up to carry out certain automated tasks upon detecting a certain type of attack, but again, you need something to protect the network; this is what the firewall does.
0
 
LVL 4

Expert Comment

by:ferg-o
ID: 9808864

You should have both really. You can have boxes which do both in one unit - we sell the Symantec Gateway Security box at the top end, which is a hardened Linux box running Raptor/SEF and has some of Manhunt's network IDS features. It also has AV, which is critical at the perimeter.

On the cheaper side we also sell the Fortigate appliances from Fortinet which do all of the above - but on the chipset as opposed to on top of Linux. Therefore they are relatively quick but do not have some of the advanced features and are a packet filter as opposed to application proxy.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 9820143
Ditto. Absolutely insane to replace a firewall with IDS.
A firewall, by definition, automatically blocks all packets except those that you specifically configure to allow in, and typically uses stateful packet inspection that can go much further up the OSI layers (into layer 7) for "permission to come aboard".
An IDS only listens passively to the network and sends an alert IF it sees something that it is programmed to alert on, typically based on known 'signatures'. This won't protect against unknown (or day-zero) outbreaks because the signature has not been captured and the IDS programmed to look for that new signature.

It's like putting a nice big strong lock on your home's door, then adding a motion-detector sensor and alarm on the inside of your house. If someone does perchance get through the door, you want to know it. Would you leave your door wide open just because you have a motion sensor turned on? Probably not.
Can you do without the motion sensor if you remember to keep the door closed and locked? Perhaps.
It's all relative to the value of what is behind the lock.


0
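The contrast drawn in the accepted answer (a default-deny, stateful firewall versus a passive, signature-based IDS) can be shown in a few lines of code. The simulation below is an added example, not code from any of the posters or from any product named in the thread; the host address, the "SIG-A"/"NEW-VARIANT" payload markers and the single-rule firewall policy are constructed for illustration. It models both devices over the same sample traffic and records, per packet, what the firewall would do, what the IDS would say, and the fact that a passive sensor on its own delivers every packet to the host regardless.

```python
"""Constructed simulation: default-deny stateful firewall vs. passive signature IDS.

Added example; models the behaviour described in the thread, not any real product.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str            # "SYN" opens a flow, "ACK" continues one (simplified TCP)
    payload: bytes = b""


class Firewall:
    """Default-deny: permit only configured inbound services and packets
    belonging to flows those services already established."""

    def __init__(self, allowed_inbound):
        self.allowed_inbound = set(allowed_inbound)   # {(dst_ip, dst_port), ...}
        self.state = set()                            # established (src, dst, dport) flows

    def filter(self, pkt):
        flow = (pkt.src, pkt.dst, pkt.dport)
        if flow in self.state:
            return "ALLOW"                            # continuation of a permitted flow
        if pkt.flags == "SYN" and (pkt.dst, pkt.dport) in self.allowed_inbound:
            self.state.add(flow)                      # stateful: remember the new flow
            return "ALLOW"
        return "DROP"                                 # anything not explicitly permitted


class SignatureIDS:
    """Passive sensor: never alters a packet's fate, only reports known patterns."""

    def __init__(self, signatures):
        self.signatures = dict(signatures)            # {name: byte pattern}

    def inspect(self, pkt):
        return [name for name, pat in self.signatures.items() if pat in pkt.payload]


# Constructed sample traffic: only port 80 is an intended public service.
WEB = "10.0.0.5"
REMOTE = "203.0.113.7"
SAMPLE_TRAFFIC = [
    Packet(REMOTE, WEB, 80, "SYN"),                        # legitimate web connection
    Packet(REMOTE, WEB, 22, "SYN"),                        # probe of a non-public service
    Packet(REMOTE, WEB, 80, "ACK", b"GET / SIG-A"),        # matches a known signature
    Packet(REMOTE, WEB, 80, "ACK", b"GET / NEW-VARIANT"),  # no signature yet ("day-zero")
    Packet(REMOTE, WEB, 22, "ACK", b"NEW-VARIANT"),        # no established flow on 22
]


def simulate(packets=SAMPLE_TRAFFIC):
    """Run both devices over the traffic and return one record per packet."""
    fw = Firewall(allowed_inbound={(WEB, 80)})
    ids = SignatureIDS({"sig-a": b"SIG-A"})
    records = []
    for pkt in packets:
        records.append({
            "dport": pkt.dport,
            "firewall": fw.filter(pkt),
            "alerts": ids.inspect(pkt),
            "ids_only_delivered": True,   # a passive sensor alone blocks nothing
        })
    return records


if __name__ == "__main__":
    for rec in simulate():
        print(rec)
```

Two things fall out of the run: the port-22 probe and the stray ACK are dropped by the firewall with no signature needed, because default-deny does not require knowing what the traffic is; and the "NEW-VARIANT" payload on the permitted web port passes both devices silently, which is the gap lrmoore describes for unknown outbreaks and the reason the two controls are complementary rather than interchangeable.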
