Firewalls and IDS/IPS
Introduction
A typical corporate network makes use of a number of networking devices and mechanisms for preventing various attacks and maintaining the security of their network. Firewalls and IDS/IPS are some of the most important networking defenses in line to achieve this goal. In this article, we will be learning about them.
Learn Network Security Fundamentals
Firewall
A firewall is a network security device placed at the perimeter of the corporate network. This is done so all the packets entering the network first go through the firewall.
The main function of the firewall is to screen all the packets entering, leaving and flowing in the network to prevent unauthorized access between two or more computers. A firewall scans all the packets and accordingly allows, denies or drops packets, depending upon the rules configured on it.
For example, a firewall may have rules configured to allow only HTTP packets. If a firewall receives ICMP packet, it simply drops the packet and does not allow it to be entered into the network.
Firewall types
Generally, there are two types of firewall available in use.
They are as follows:
- Network-based firewall: These firewalls function at network level. It takes care of all the packets coming in and going out of the network and filters traffic based on the rules configured on the firewall.
- Host-based firewall: Host-based firewalls are the ones which are installed on a personal computer/PC. Thus, this firewall takes care of filtering all the traffic for a single dedicated system — unlike network-based ones, which take care of the whole network. These are software-based firewalls, which usually come as a part of the operating system.
Firewall classification
A firewall is available in many forms. They are:
- Hardware firewall
- Software firewall
- Packet-filter firewall
- Proxy firewall
- Application gateways
- Circuit-level gateways
- Stateful packet inspection (SPI)
IDS
IDS stands for Intrusion Detection System. As the name suggests, it is used to detect and monitor traffic for illegitimate packets or suspicious activity and raises an alert when it comes across one. An IDS is usually software which scans a network and reports it to SIEM for further analysis so correct measures are taken.
IDS detection method
IDS implements two methods to detect anomaly in the packet in the network. They are:
- Signature-based detection: In signature-based detection, IDS detects malicious packets by observing the events and identifying patterns with the signatures of known attacks. If the signature matches then the alert is raised, else the packet is allowed in the network.
- Anomaly-based detection: In anomaly-based detection, packet filtering is based on a predefined set of rules or patterns rather than signatures/patterns. If the packet does not match the rules/patterns then the alert is raised and sent to SIEM.
IDS classification
IDSes can be classified into five types.
- Network Intrusion Detection System (NIDS)
- Host Intrusion Detection System (HIDS)
- Protocol-based Intrusion Detection System (PIDS)
- Application Protocol-based Intrusion Detection System (APIDS)
- Hybrid Intrusion Detection System
IPS
IPS stands for Intrusion Detection and Prevention System. As the name suggests, it detects malicious packets, sends info to SIEM and blocks the packet. Unlike IDS, which just detects and reports the packet, IPS attempts to block the packets as well. Thus, IPS is a bit advanced and is more effective than IDS.
IPS detection method
IPS implements three methods to detect anomaly and block the packet in the network. They are:
- Signature-based detection: In signature-based detection, IPS detects malicious packets by observing the events and identifying patterns with the signatures of known attacks. If the signature matches, then the alert is raised and the packet is dropped.
- Anomaly-based detection: In anomaly-based detection, packet filtering is based on a predefined set of rules or patterns rather than signatures/patterns. If the packet does not match the rules/patterns then the alert is raised, sent to SIEM and the packet is dropped.
- Stateful protocol analysis detection: In stateful protocol analysis detection, detection is based on divergence of protocol. Incoming packets are compared with the profile of accepted definitions and accordingly packet is dropped or allowed.
Firewall vs. IDS vs. IPS
Following is the general comparison between firewall, IDS and IPS.
Learn Network Security Fundamentals
Build your skills with seven hands-on courses covering network models and protocols, wireless and mobile security, network security best practices and more.
Learn Network Security Fundamentals
Conclusion
This article provided an overview of firewall, IDS and IPS. It also stresses the importance and their role in protecting the corporate network. We saw why they should be part of every network and how they can provide active defense against malicious attacks from outside players.
Sources
- IDS vs. IPS: What is the Difference?, Varonis
- What Is a Firewall?, Cisco
- Introduction of Firewall in Computer Network, GeeksforGeeks
- Intrusion Detection System (IDS), GeeksforGeeks
- Intrusion Prevention System (IPS), GeeksforGeeks
Network Security Fundamentals
Learn the fundamentals of networking and how to secure your networks with seven hands-on courses. What you'll learn:- Models and protocols
- Networking best practices
- Wireless and mobile security
- Network security tools
- And more
In this Series
- Firewalls and IDS/IPS
- What is zero trust architecture (ZTA)? Pillars of zero trust and trends for 2024
- A deep dive into network security protocols: Safeguarding digital infrastructure 2024
- Asset mapping and detection: How to implement the nuts and bolts
- The Pentagon goes all-in on Zero Trust
- How to configure a network firewall: Walkthrough
- 4 network utilities every security pro should know: Video walkthrough
- How to use Nmap and other network scanners
- Security engineers: The top 13 cybersecurity tools you should know
- Converting a PCAP into Zeek logs and investigating the data
- Using Zeek for network analysis and detections
- Suricata: What is it and how can we use it
- Intrusion detection software best practices
- What is intrusion detection?
- How to use Wireshark for protocol analysis: Video walkthrough
- 9 best practices for network security
- Securing voice communications
- Introduction to SIEM (security information and event management)
- VPNs and remote access technologies
- Cellular Networks and Mobile Security
- Secure network protocols
- Network security (101)
- IDS/IPS overview
- Exploiting built-in network protocols for DDoS attacks
- Firewall types and architecture
- Wireless attacks and mitigation
- Wireless network overview
- Open source IDS: Snort or Suricata? [updated 2021]
- PCAP analysis basics with Wireshark [updated 2021]
- What is a firewall: An overview
- NSA report: Indicators of compromise on personal networks
- Securing the home office: Printer security risks (and mitigations)
- Email security
- Data integrity and backups
- Cost of non-compliance: 8 largest data breach fines and penalties
- How to find weak passwords in your organization’s Active Directory
- Monitoring business communication tools like Slack for data infiltration risks
- IPv4 and IPv6 overview
- The OSI model and TCP/IP model
- Endpoint hardening (best practices)
- Wireless Networks and Security
- Networking fundamentals (for network security professionals)
- How your home network can be hacked and how to prevent it
- Network design: Firewall, IDS/IPS
- Work-from-home network traffic spikes: Are your employees vulnerable?
- RTS threshold configuration for improved wireless network performance [updated 2020]
- Web server protection: Web server security monitoring
- Web server security: Active defense
- Web server security: Infrastructure components
- Web server protection: Web application firewalls for web server protection
- Web server security: Command line-fu for web server protection
Get certified and advance your career!
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
