What is the difference between a Firewall and an Intrusion Detection System?
A firewall is a device normally installed at the perimeter of a network to define rules for access to particular resources inside the network. On the firewall, anything that is not explicitly allowed is denied: the firewall allows and denies access through its rule base. An Intrusion Detection System is a software or hardware device installed on the network (NIDS) or on a host (HIDS) to detect and report suspicious activity. In simple terms, while a firewall is the gate or door of a superstore, an IDS is the security camera. A firewall can block a connection, while an IDS cannot; an IDS can, however, alert on suspicious activity. An Intrusion Prevention System is a device that can proactively block connections it finds to be suspicious in nature.
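The distinction above, as an added toy model (not code from the original page): a firewall with a first-match, default-deny rule base that never inspects content, a passive IDS that forwards everything and only alerts, and an inline IPS that drops on the same signature match. All rules, signatures and connections are constructed for the example.

```python
"""Toy model of firewall vs IDS vs IPS. Rules, signatures and traffic are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Connection:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


# Constructed firewall rule base: (source network, destination port, action).
# Evaluated top-down, first match wins; a connection matching no rule is denied.
FIREWALL_RULES = [
    ("10.0.0.0/8", 443, "allow"),   # internal clients may reach the HTTPS service
    ("0.0.0.0/0", 80, "allow"),     # anyone may reach the public web server
    ("0.0.0.0/0", 22, "deny"),      # explicit deny for SSH from anywhere
]


def firewall_decision(conn: Connection, rules=FIREWALL_RULES) -> str:
    """Decide on the connection tuple only; payload content is never examined."""
    src = ip_address(conn.src)
    for net, port, action in rules:
        if src in ip_network(net) and conn.dport == port:
            return action
    return "deny"  # implicit default: not explicitly allowed means denied


# Constructed signatures: byte patterns the inspection engine reports on.
SIGNATURES = {b"../..": "path traversal pattern", b"<script>": "script tag in request"}


def inspect(conn: Connection) -> list[str]:
    """Content inspection shared by IDS and IPS; returns the names of matching signatures."""
    return [name for pattern, name in SIGNATURES.items() if pattern in conn.payload]


def ids(conn: Connection) -> tuple[str, list[str]]:
    """Passive sensor (the security camera): always forwards, only raises alerts."""
    return "forward", inspect(conn)


def ips(conn: Connection) -> tuple[str, list[str]]:
    """Inline sensor: same inspection, but drops the connection when a signature matches."""
    alerts = inspect(conn)
    return ("drop" if alerts else "forward"), alerts


def perimeter(conn: Connection) -> tuple[str, list[str]]:
    """Firewall first (no content decision), then the inline IPS on what it admitted."""
    if firewall_decision(conn) == "deny":
        return "deny", []
    return ips(conn)
```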