Firewalls versus Intrusion Detection

• Firewalls permit or deny traffic based on filtering rules

• Intrusion detection systems (IDSs) only save and mark certain packets as suspicious; do not take action

• Some firewalls issue alterts when packets are dropped and most firewalls log all drops

• IDSs identify all suspicious packets, many of which turn out to be acceptable; firewall drop rules are more specific

New

Not in the book

Previous slide

Next slide

Back to first slide

View graphic version