Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection SystemsArdeliza LansangTechnologies for Intrusion Detection Prompt Both firewalls and intrusion detection systems ar used to admonisher engagement traffic and implement net transaction security policies. Research these technologies and determine how they are similar and how they differ. Are both needed? Explain your answer in a short paper. (SNHU. n.d.)BRIEF INTRODUCTIONTechnology has enhanced our functional lives by providing us with innovations (e.g., stationary and portable devices). It has in like manner developed unhomogeneous modes of communications (e.g., VOiP, depiction conferencing, email, SMS). These advancements have chuck up the spongeed individuals and business the ability to remain connected with one another continuously and globally, regardless of time and space.Concurrently, the digital or reading age has alike produced serious vane c at one timerns and threats. The prevalent problems range from phishing, scamming, cyber-bul lying to network services disruption (such as DoS, or denial of service), information or identity theft and information sabotage. Cyber or Internet crimes have resulted in diminishing or halting productivity. They have also caused victims to suffer physical, mental, emotional and financial loss.To counter ominous risks, various packet and hardware products have been manufactured to prevent and combat unauthorized access to the network systems. Implementing the necessary security measures can eliminate or reduce the ongoing vulnerability to cyber violations. In addition to having a stable security infrastructure, it is crucial to raise awareness of any threats among users and to remind them of their responsibilities toward maintaining security or how to work against malicious activities (e.g., secure password, keeping software and the OS current, safeguarding sensitive information, etc.)FIREWALLA firewall is a hardware or a software (or a combination of both) that sits amid a LAN and the Internet. Acting as a barrier amongst a trusted and an untrusted network, its main function is to filter traffic in a networked environment by blocking unauthorized or harmful activities and permitting authorized communications. By monitoring the incoming and outgoing network traffic, a firewall is fundamentally the scratch line of peripheral defense against any intrusions. (Bradley.)A firewall not only enhances the security of a host or a network but also protects and shields the applications, services, and machines that are attached to the network system. By checking data packets, it allows nonthreats to pass through. Conversely, it either drops, erases, denies or returns threats to the sender. (Sherman.)Types of firewallsPacket filters Packet filtering is the process of allowing or preventing packets at a network interface by checking destination port number source and destination addresses, and/or protocols. In a software firewall, a packet filter class examines the header of each packet based on a specific set of rules and is either passed (called ACCEPT) or prevented (called DROP). (TechTarget.com.)Stateful chitchation This firewall technology (also referred to known as kinetic packet filtering, monitors the state of active connections. Based on this information and by analyzing packets down to the application layer, it determines which network packets to permit passage through the firewall. It monitors and tracks communications packets everyplace a length of time. (TechTarget.com.)Proxys Proxy firewalls, in combination with stateful inspection firewall perform deep application inspections (e.g., layer 7 protocols such as HTTP, FTP). Unlike stateful firewalls which cannot inspect application layer traffic, proxys can prevent an HTTP-based attack. This process is achieved by making the firewall act as a proxy, i.e., after the client opens a connection to the firewall, the firewall opens a separate connection to the server on behalf of the client (without the clients knowledge). (TechTarget.com.)Benefits of firewallProtects against routing-based attacksControls access to systemsEnsures privacyDrawbacks of firewallDifficult to configurePossibility of blocking nonthreats or useful servicesCould allow back door attack (via modem access)No antivirus protectionPossible performance problems (or, cause potential bottleneck)Security tends to be concentrated in a single(a) spotINTRUSION DETECTION SYSTEMS (IDS)An IDS can also be software- or hardware-based, such as a separate information processing system, that monitors network activity in a single computer, or a specific network or multiple networks within a WAN. It attempts to identify and evaluate a suspected intrusion once it has occurred by signaling an alarm and trying to stop it. It is akin to a smoke detector that raises an alarm at the signs of threat. (Pfleeger and Pfleeger.)It oversees traffic by identifying patterns of activity and equivalence the information to attacks that are already listed in the IDS database. For example, detected anomalies are compared with normal levels, i.e., a high level of or a spike in packet size or activity could mean a hacking attack. The technology is typically use to enforce corporate policy and are not configured to drop, cut or deny traffic. It primarily generates warning signals or alarms. (Sherman.)IDS can be network based or host basedNIDS (Network Intrusion Detection Systems), which are placed at a strategic point or points within the network, oversee inbound and outbound traffic among all devices on the network. In this system, anti-threat software is installed only at specific servers that interface between the external environment and the internal network. (TechTarget.com.)HIDS (Host Intrusion Detection Systems), which are conducted on individual hosts or devices on the network, monitor the incoming and outgoing packets from the device only and will signal an alert when suspicious activity is ident ified. In this system, anti-threat applications (e.g., firewalls, antivirus and spyware-detection software) are installed on every computer connected to the network system and that has access to the Internet. (TechTarget.com.)Benefits of IDSEnables the detection of external hackers and internal network-based attacksCan be scaled easily, providing protection for the entire networkAccommodates in-depth defenseAllows an supernumerary layer of protectionDrawbacks of IDSProduces false reports (positives and negatives)Acknowledges attacks but does not prevent themExpensive to implement, requiring full-time monitoring and highly-skilled staffRequires a complex event-response processUnable to monitor traffic at higher transmission ratesProduces a tremendous amount of data to be analyzedVulnerable to low and slow attacksCannot freshet with encrypted network trafficCONCLUSIONBoth firewall and IDS complement one another. While a firewall limits network access to prevent intrusions or watches out for intrusions to prevent them from occurring, it does not signal an attack from inside the network the way an IDS does. While a firewall can block traffic or connection, IDS cannot. It can only alert any intrusion attempts. It monitors attacks and evaluates intrusions that are specifically designed to be overlooked by a firewalls filtering rules. A firewall is analogous to a security guards or personnel at the gate and an IDS device is a security camera after the gate. Another analogy that can be used is that a firewall is akin to installing locks on doors to prevent intrusion IDS is installing security systems with alarms. (TechTarget.com.)ReferencesBarbish, J. J. (n.d.). Chapter 29. Firewalls. Retrieved on bump into 6, 2017 from https//www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.htmlBradley, T. (August 21, 2016). Introduction to Intrusion Detection Systems (IDS). Retrieved on March 6, 2017 from https//www.lifewire.com/introduction-to-intrusion-detection-sys tems-ids-2486799Difference between Firewall and Intrusion Detection System. (n.d.). Retrieved on March 10, 2017 from http//www.omnisecu.com/security/infrastructure-and-email-security/difference-between-firewall-and-intrusion-detection-system.phpFirewall. (n.d.). Retrieved on March 10, 2017 from http//searchsecurity.techtarget.com/definition/firewallFirewalls. (n.d.). Retrieved on March 10, 2017 from http//csc.columbusstate.edu/summers/Research/NetworkSecurity/security/firewalls.htmGattine, K. (n.d.). Types of firewalls An introduction to firewalls. Retrieved on March 10, 2017 from http//searchnetworking.techtarget.com/tutorial/Introduction-to-firewalls-Types-of-firewallsHIDS/NIDS (host intrusion detection systems and network intrusion detection systems). (n.d.). Retrieved on March 10, 2017 from http//searchsecurity.techtarget.com/definition/HIDS-NIDSIDS/IPS Pros and Cons. (n.d.). Retrieved on March 10, 2017 from http//flylib.com/books/en/2.352.1.16/1/Kurose, J. F., Ross, K. W. (2013 ). Computer Networking A Top-Down Approach, 6th Edition. MBS Direct. Retrieved from https//mbsdirect.vitalsource.com//books/9780133464641/Pfleeger, C.P. and Pfleeger, S.L. (March 28, 2003). Security in Networks. .). Retrieved on March 10, 2017 from http//www.informit.com/articles/article.aspx?p=31339seqNum=5Sherman, F. (n.d.). The Differences between a Firewall and an Intrusion Detection System. Retrieved on March 10, 2017 from http//smallbusiness.chron.com/differences-between-firewall-intrusion-detection-system-62856.html fiddling Paper/Case Study Analysis Rubric. (n.d.). Retrieved on January 7, 2017 from https//bb.snhu.edu/webapps/blackboard/content/listContent.jsp?course_id=_107231_1content_id=_14552222_1