Intrusion Detection System (IDS)

mgmguy1 Member Posts: 485
I am so confused on this. An IDS (Intrusion Detection System) is designed to inspect and detect the kinds of traffic or network behavior patterns that match known attack signatures or that suggest a potential unrecognized attack that may be incipient or in progress.
What I am trying to understand is how does an application firewall differ from an IDS software package?

Please advise. My Network plus book does not do a good job of explaining the difference.
"A lot of fellows nowadays have a B.A., M.D., or Ph.D. Unfortunately, they don't have a J.O.B."

Fats Domino

Comments

  • sprkymrk Member Posts: 4,884
    You may be confused by the large number of "do-everything" appliances and firewalls out there today. Many firewalls have some IDS/IPS functions built in, and some IPS devices have firewalling functions that are activated upon bad traffic detection.

    An application firewall handles traffic at layer 7 protocols (in general terms - I would like to avoid another lengthy discussion of the OSI model and things that cross layer boundaries) instead of just examining packet headers and port numbers, etc. An IDS can operate at the same layer (some do, some don't) but is looking, as you say, for signature matches and then alerts you based on your configuration settings in the IDS itself. A firewall that works at the application layer uses rules/acls based on the configuration to either allow or drop traffic.

    Short answer:
    Application firewall uses rules to allow or drop traffic.
    IDS uses signatures or heuristics to log and alert.
    All things are possible, only believe.
  • mgmguy1 Member Posts: 485
    Thanks, the short answer did the trick.
    I am going to google this to try to learn more about Intrusion Detection System. As it reads in my network plus book, Intrusion Detection System (I.D.S.) does not work alongside an Application Layer firewall but it is rather a tool to monitor network traffic.

    If anyone else has any thoughts on IDS, please share.

    Patrick
    "A lot of fellows nowadays have a B.A., M.D., or Ph.D. Unfortunately, they don't have a J.O.B."

    Fats Domino
  • bighornsheep Member Posts: 1,506
    sprkymrk wrote:
    You may be confused by the large number of "do-everything" appliances and firewalls out there today. Many firewalls have some IDS/IPS functions built in, and some IPS devices have firewalling functions that are activated upon bad traffic detection.

    Agree! Lots of different terms being thrown around.....

    My understanding is that IDS is a 'stronger' firewall.
    Jack of all trades, master of none
  • keatron Member Posts: 1,213
    sprkymrk wrote:
    You may be confused by the large number of "do-everything" appliances and firewalls out there today. Many firewalls have some IDS/IPS functions built in, and some IPS devices have firewalling functions that are activated upon bad traffic detection.

    Agree! Lots of different terms being thrown around.....

    My understanding is that IDS is a 'stronger' firewall.

    Close spymark, but I wouldn't go so far as to say that. You were right on with your first short answer. By its very definition, intrusion detection systems do just that, detect. A firewall in its most basic form actually blocks, just like a physical firewall in a building, it's supposed to keep fire out. And yes, you are correct that vendors are doing a lot to contribute to the confusion with all these all-in-one solutions (most of which simply don't work).

    Keatron
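
The distinction drawn in this thread (an application firewall applies rules to allow or drop traffic, an IDS matches signatures to log and alert), as an added Python example that is not part of any poster's comment. The requests, rules and signature names are constructed for illustration and do not model any specific product.

```python
import re

# Constructed sample HTTP requests (method, path, body); not from the thread.
REQUESTS = [
    ("GET", "/index.html", ""),
    ("POST", "/login", "user=alice&pass=x"),
    ("GET", "/search?q=' OR 1=1--", ""),
    ("DELETE", "/admin/users/7", ""),
]

# Application firewall: ordered layer-7 rules, first match wins, default deny.
FW_RULES = [
    ("drop", re.compile(r"^DELETE$"), re.compile(r".*")),
    ("allow", re.compile(r"^(GET|POST)$"), re.compile(r"^/(index\.html|login|search)")),
]

# IDS: signatures matched against request content; a hit only raises an alert.
IDS_SIGNATURES = {
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+1=1"),
    "admin-path-access": re.compile(r"^/admin/"),
}

def firewall_decide(method, path):
    """Return 'allow' or 'drop'. The firewall sits inline, so 'drop' stops the request."""
    for action, method_re, path_re in FW_RULES:
        if method_re.search(method) and path_re.search(path):
            return action
    return "drop"

def ids_inspect(method, path, body):
    """Return names of matching signatures. Nothing is blocked here, only reported."""
    data = path + " " + body
    return [name for name, sig in IDS_SIGNATURES.items() if sig.search(data)]

def process(requests):
    """Run each request through both devices and record what each one did."""
    return [
        {
            "request": f"{method} {path}",
            "firewall": firewall_decide(method, path),
            "ids_alerts": ids_inspect(method, path, body),
        }
        for method, path, body in requests
    ]

if __name__ == "__main__":
    for result in process(REQUESTS):
        print(result)
```

The third request is allowed by the firewall because it matches an allow rule, yet the IDS still raises an alert on it; the fourth is dropped by rule regardless of whether any signature fires.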