Question

1. Discuss the differences between the use of ACLs versus the use of firewalls for network security. In what situations would the use of ACLs be an advantage over using a hardware firewall?

2. Discuss the differences between an IDS and an IPS. Discuss examples of organizations who might want to implement an IPS over an IDS.

Answer 1

Discuss the differences between the use of ACLs versus the use of firewalls for network security. In what situations would the use of ACLs be an advantage over using a hardware firewall?

Firewalls

• Firewalls are responsible for blocking the incoming traffic from the attackers based on some protocols or IP addresses
• Purpose of firewall

1.      The main purpose of firewall is to examine and analyse the incoming packets and make decisions about them.

ACL

• ACL is Access Control List.
• An access control list is a table which informs the operating system of the computer which user has an access rights to use the computer system.
• It is a table with several entries describing each system user with their access privileges.
• Purpose of ACL

1.      It filters the traffic on an interface

2.      It can distribute list to filter routing updates

3.      It can identify interesting traffic

4.      It can use policy based routing for taking the routing decisions.

Explanation:

Firewall

• Firewall detects the blocked network traffic and maintains the log details.
• Firewalls are responsible for blocking the incoming traffic from the attackers based on some protocols or IP addresses.
• Firewalls are used as a network security device which monitors the traffic of the network and blocks or allows the traffic based on some predefined rules.
• There are mainly 2 types of firewalls

1.      Host based firewall- This type of firewall is installed on the individual server of the system.

2.      Network based firewall- It is installed into the cloud infrastructure which acts as a virtual firewall service

• Thus, a firewall acts as a "gatekeeper" system which protects the computer network and other intranets of a company by providing a filter and safe transfer point for accessing the Internet and other networks.

Difference between ACL and Firewall.

• ACL is Access Control List, used for several purposes as filtering the packets, distributing list for filter routing updates, for identifying the upcoming packets etc.
• Access control list is used to identify the packets and allow or deny a packet to pass through an interface.

• A Firewall is a device whose purpose is to analyse the data traffic as a part of a network and based on this analysis, it decides which packets are allowed to pass through the network and which packets are to be denied.

• A Firewall is designed for a specific purpose whereas an access control list(ACL) may have more than one purposes.

• ACL checks the packets without knowing about its route of origination;. It simply analysis the packets without any idea of where it has come from. Therefore, ACL performs stateless inspection.

• Firewalls performs stateful inspection in a way that it checks the type of the packet and also the route of packet origination.

Discuss the differences between an IDS and an IPS. Discuss two examples of organizations that might want to implement an IPS over an IDS.

IPS is an abbreviation for intrusion detection system which is meant to inspect the traffic flow in a network and thus block any kind of malicious traffic while on the other and hand IDS which is an abbreviation for intrusion detection system is meant to detect malicious traffic in a network. IPS can be used in large organization while on the hand IDS is meant for small organizations that have a small network