Heh.
If we were to take the most simple and basic of examples of both these
security technologies, we'd be able to form a 'scenario' of both the IDS and
firewall.
Firewall is like the bouncer at the front door of a night club ("the
network"). He/She either lets people in, or rejects them according to
criteria ("allow/deny rules" etc) dictated by his management. He doesn't get
to check out what's going on inside the club though.
An Intrusion Detection System is like a Journalist inside the night club.
He's got a video camera and he's recording everything that is happening
around him within the club.
Now, let's say someone ("a hacker" ) approaches the front door of this night
club - and this person has no legitimate entrance rights. He might say
"look, bouncer. I've got a pass. Let me in." or "look! A bird"...regardless
of how he evades the bouncer...lets presume the bouncer accidentally let's
him into the night club. Most likely though, the clubber (hacker) has snuck
in through a window by the side of the building. Well, once our "hacker" in,
the bouncer just continues doing his job and does not even know what's
happening on the inside.
Meanwhile the Journalist (IDS) is sitting by the bar. Our journalist notices
this Mr Hacker guy behaving strangely. First of all he isn't dressed
appropriately (packet spoofing?) , Mr Hacker repetitively keeps on glancing
around at the furniture, ways to get in/out, and staring at everyone
(scanning). Well, this journalist has been trained to take notes of these
things, so he whips out his PAD and furiously starts scribbling down notes.
There are variations to this kind of "scenario", but like has been mentioned
- you are best to look through sites such as :
Securityfocus.com
Cert.org
Robertgraham.com
Networkintrusion.co.uk
Nss.co.uk <-- has a great IDS analysis of IDS products out there, in PDF
format
Securityportal.com
Trusecure.com
Alternatively look through the Archive, which will also have very valuable
information as this kind of question gets repeated often.
Nigel Hedges
Computer Associates
Technical Consultant
Email: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
