
NIS_prep_Unit_4

This document provides an overview of Firewalls and Intrusion Detection Systems (IDS). It explains the concept, purpose, types, and limitations of firewalls, as well as the function and types of IDS, including their detection techniques. Key terms such as DMZ and firewall policies are also defined, highlighting their roles in network security.

Uploaded by

pandablue901

UNIT 4: Firewall and Intrusion Detection System (IDS)

4.1 Firewall

Concept:

A firewall is a security system (hardware/software) that monitors and controls incoming and outgoing network traffic based on security rules.

Purpose:

• Acts as a barrier between trusted and untrusted networks.
• Blocks unwanted access, allows safe communication.

Types:

1. Packet Filtering Firewall – Filters packets based on IP, port, protocol.
2. Proxy Firewall – Works as an intermediary between user and internet.
3. Stateful Inspection Firewall – Tracks connection state and decides based on the traffic flow.

Analogy:

Think of a security guard at a building gate:

• Checks ID (IP address) of people entering/leaving.
• Allows only trusted people based on a list (rules).

4.2 Firewall Policies, Configuration, Limitations, DMZ

Firewall Policies:

• Allow/Deny traffic based on:
  o IP address
  o Port number
  o Protocol type

Configuration:

• Setup IP filters
• Define security levels
• Create exceptions (e.g., allow internal server access)

Limitations:

• Cannot detect internal attacks (like an infected USB)
• Cannot protect if configuration is wrong
• Cannot scan encrypted traffic deeply

DMZ (Demilitarized Zone):

• A separate network zone between internal and external networks.
• Hosts public servers (like web servers) here to reduce risk to internal systems.

Analogy:

• Firewall = Gate security checking visitors
• Policy = Rulebook for the guard
• DMZ = Visitor room outside your home, not your living room

4.3 Intrusion Detection System (IDS)

Concept:

IDS monitors a network/system to detect suspicious activities or policy violations.

Types:

1. Host-Based IDS (HIDS) – Monitors one specific system.
2. Network-Based IDS (NIDS) – Monitors network traffic across multiple systems.

Detection Techniques:

• Signature-Based: Looks for known attack patterns.
• Anomaly-Based: Detects unusual behavior.

Limitations:

• Can't block traffic (only detects)
• May give false alarms (False Positives)

Analogy:

IDS is like a security camera:

• It watches everything.
• If it sees something unusual, it alerts but doesn’t stop the thief.

QUICK RECAP NOTES (SAVE FOR REVISION):

• Firewall = Filters traffic, blocks/permits based on rules.
• Types: Packet Filter, Proxy, Stateful
• Policy = Rules for blocking/allowing data
• DMZ = Public zone to isolate external-facing servers
• IDS = Detects intrusions, doesn’t block
  o HIDS = Single system
  o NIDS = Whole network
  o Signature vs. Anomaly based
