Firewall and IDS/IPS.
by n00b_noob from LinuxQuestions.org on (#5E7YX)
Hello,
I found below descriptions about Firewall and IDS/IPS:
Quote:
And:
Quote:
I have some questions:
I found below descriptions about Firewall and IDS/IPS:
Quote:
| A firewall is a hardware and/or software which functions in a networked environment to block unauthorized access while permitting authorized communications. Firewall is a device and/or a sotware that stands between a local network and the Internet, and filters traffic that might be harmful. An Intrusion Detection System (IDS) is a software or hardware device installed on the network (NIDS) or host (HIDS) to detect and report intrusion attempts to the network. We can think a firewall as security personnel at the gate and an IDS device is a security camera after the gate. A firewall can block connection, while a Intrusion Detection System (IDS) cannot block connection. An Intrusion Detection System (IDS) alert any intrusion attempts to the security administrator. However an Intrusion Detection and Prevention System (IDPS) can block connections if it finds the connections is an intrusion attempt. |
Quote:
| An IPS will inspect content of the request and be able to drop, alert, or potentially clean a malicious network request based on that content. The determination of what is malicious is based either on behavior analysis or through the use of signatures. A firewall will block traffic based on network information such as IP address, network port and network protocol. It will make some decisions based on the state of the network connection. |
- An IPS can work as a firewall too?
- If a Firewall is like a gate and IDS/IPS is like a camera after the gate, then why a Firewall can't detect and block all attempts?
- A web server or local network, need both of Firewall and IDS/IPS?