In the past, there were two main ways to protect your computers from malware: firewalls and intrusion detection systems. Traditionally, a firewall and an intrusion detection system use entirely different methods of protection.
A firewall only looks outward for potential intrusions. Firewalls limit the connectivity between networks as a measure of security, but they cannot alert you to an intrusion that has already breached them and gained access to your network. Almost everyone who uses a computer primarily at home has firewalls in place.
An intrusion detection system, also known as an IDS, detects and responds to viruses and other attacks that have already made their way inside your defenses or that originate from within the network itself. This security method typically uses a sophisticated examination process that applies heuristics, patterns and signatures of common attack formulations to detect threats. As you can probably guess, people who use computers for business or who need to protect very sensitive data traditionally use intrusion detection systems in conjunction with firewalls for elevated network security.
However, this has all changed with innovations in antivirus software and internet security. Leading tech and antivirus firms such as Cisco now offer a combination firewall and intrusion detection system that is ideal for home and business computer users alike. An IDS in a firewall can protect both intranet and internet connections when extra security is needed. A firewall with an IDS is able to identify dozens of different types of attacks on computers by matching network traffic against known misuse patterns. The IDS within a firewall is familiar with a broad range of attack patterns and can seek out, identify and stop some of the most severe network attacks.
How an Intrusion Detection System in a Firewall Works
In a nutshell, an IDS works as an in-network sensor. As a sensor, it monitors all packets of information that are sent across the network. If one or several of these packets match one or more of the attack patterns or signatures the IDS holds in its memory, it will take one of three actions: send an alarm to the NetRanger Director, reset the TCP connection, or drop the packet, entirely preventing it from being delivered over the network.
One of the best aspects of intrusion detection systems is that the actions they take against the types of computer attacks listed above are highly configurable. If you're in a particular industry that works with sensitive data and is prone to a few specific types of attacks, you can configure your intrusion detection system to immediately drop any transmissions matching those attack signatures rather than just sounding an alarm.
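To make the sensor behaviour and the per-signature tuning described above concrete, here is a small added example in Python. It is not code from the article or from any Cisco product: it is a toy signature-matching sensor that checks each packet against a list of signatures and applies the configured response (alarm only, TCP reset, or drop), with a method to retune a signature's response the way the text describes. The signatures, packets, addresses and the name Sensor are all constructed for the illustration.

```python
"""Toy signature-matching IDS sensor (added example, not the article's code).

Models the behaviour the text describes: every packet is checked against
stored signatures, and a match produces one of three configured responses
(alarm only, TCP reset, or drop). All signatures and packets below are
constructed samples.
"""
from dataclasses import dataclass
from enum import Enum
import re


class Action(Enum):
    ALARM = "alarm"   # report to the management console; packet still forwarded
    RESET = "reset"   # tear down the TCP connection (RST to both ends)
    DROP = "drop"     # discard the packet inline


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int
    payload: bytes


@dataclass
class Signature:
    sig_id: int
    name: str
    pattern: re.Pattern   # compiled regex applied to the payload
    action: Action        # configured response; tunable per signature


class Sensor:
    """In-network sensor: inspects packets and applies the per-signature policy."""

    def __init__(self, signatures):
        self.signatures = list(signatures)
        self.alarms = []          # (sig_id, name, src, dst) sent to the director
        self.reset_flows = set()  # flows whose connection the sensor tore down
        self.forwarded = []
        self.dropped = []

    def set_action(self, sig_id, action):
        """Retune the response for one signature, e.g. alarm -> drop."""
        for sig in self.signatures:
            if sig.sig_id == sig_id:
                sig.action = action
                return
        raise KeyError(f"unknown signature {sig_id}")

    def inspect(self, pkt):
        """Return the verdict for one packet: 'pass', 'alarm', 'reset' or 'drop'."""
        flow = (pkt.src, pkt.dst, pkt.proto, pkt.dport)
        if flow in self.reset_flows:
            # Connection was already reset; later packets on it are discarded.
            self.dropped.append(pkt)
            return "drop"
        for sig in self.signatures:
            if not sig.pattern.search(pkt.payload):
                continue
            # Every match is reported, whatever the configured response.
            self.alarms.append((sig.sig_id, sig.name, pkt.src, pkt.dst))
            if sig.action is Action.DROP:
                self.dropped.append(pkt)
                return "drop"
            if sig.action is Action.RESET and pkt.proto == "tcp":
                self.reset_flows.add(flow)
                self.dropped.append(pkt)   # the offending packet is not delivered
                return "reset"
            self.forwarded.append(pkt)
            return "alarm"                 # ALARM, or RESET on a non-TCP packet
        self.forwarded.append(pkt)
        return "pass"


def build_sensor():
    """Constructed signature set; the actions are a sample policy."""
    return Sensor([
        Signature(1001, "path traversal to /etc/passwd",
                  re.compile(rb"\.\./.*etc/passwd"), Action.ALARM),
        Signature(1002, "SQL UNION SELECT in request",
                  re.compile(rb"(?i)union\s+select"), Action.RESET),
    ])


def run_demo():
    """Feed constructed packets through the sensor and return it with the verdicts."""
    sensor = build_sensor()
    web = dict(src="10.0.0.5", dst="10.0.0.80", proto="tcp", dport=80)
    verdicts = [
        sensor.inspect(Packet(**web, payload=b"GET /index.html HTTP/1.1")),
        sensor.inspect(Packet(**web, payload=b"GET /../../etc/passwd HTTP/1.1")),
        sensor.inspect(Packet(**web, payload=b"GET /item?id=1 UNION SELECT 1,2 HTTP/1.1")),
        sensor.inspect(Packet(**web, payload=b"GET /about.html HTTP/1.1")),  # same flow, already reset
    ]
    # Operator retunes: traversal attempts are now dropped outright, not just alarmed.
    sensor.set_action(1001, Action.DROP)
    other = dict(src="10.0.0.6", dst="10.0.0.80", proto="tcp", dport=80)
    verdicts.append(sensor.inspect(Packet(**other, payload=b"GET /../../etc/passwd HTTP/1.1")))
    return sensor, verdicts


if __name__ == "__main__":
    sensor, verdicts = run_demo()
    print("verdicts:", verdicts)
    for sig_id, name, src, dst in sensor.alarms:
        print(f"alarm {sig_id} ({name}) from {src} to {dst}")
```

Note the distinction the example makes visible: an alarm-only signature still forwards the packet, a reset discards the offending packet and every later packet on that connection, and a drop discards only the matching packet. Retuning signature 1001 from alarm to drop changes the fifth verdict without touching the signature itself.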
The memory and performance impact of a firewall with an IDS should be minimal. However, the total impact will greatly depend on enabled features, traffic coming through the router and the router's platform.
Intrusion detection systems offer an advanced, highly specialized means of protection. Now that you can use a firewall that contains an IDS, this level of security is much more accessible to home and business users.
At TopTenREVIEWS We Do the Research So You Don’t Have To.™