Discuss the differences between the use of ACLs versus
the use of firewalls for network security. In what situations would
the use of ACLs be an advantage over using a hardware
firewall?
Firewalls
- Firewalls are responsible for blocking incoming traffic
from attackers based on protocols or IP addresses.
- Purpose of a firewall
1. The main purpose of a firewall is to examine and analyse
incoming packets and make decisions about them.
ACL
- ACL stands for Access Control List.
- An access control list is a table which informs the operating
system of the computer which users have access rights to use the
computer system.
- It is a table with several entries describing each system user
with their access privileges.
- Purpose of ACL
1. It filters the traffic on an interface.
2. It can be used in a distribute list to filter routing updates.
3. It can identify interesting traffic.
4. It can be used with policy-based routing to make routing
decisions.
Explanation:
Firewall
- A firewall detects blocked network traffic and
maintains log details.
- Firewalls are responsible for blocking the incoming traffic
from the attackers based on some protocols or IP addresses.
- Firewalls are used as a network security
device which monitors the traffic of the network and
blocks or allows the traffic based on some predefined rules.
- There are mainly 2 types of firewalls:
1. Host-based firewall: This type of firewall is installed on the
individual server of the system.
2. Network-based firewall: It is installed into the cloud
infrastructure and acts as a virtual firewall service.
- Thus, a firewall acts as a "gatekeeper" system
which protects the computer network and other intranets of
a company by providing a filter and safe transfer point for
accessing the Internet and other networks.
Difference between ACL and Firewall.
- ACL stands for Access Control List. It is used for several
purposes, such as filtering packets, serving as a distribute list
to filter routing updates, identifying incoming packets, etc.
- An access control list is used to identify packets and
allow or deny a packet to pass through an interface.
- A firewall is a device whose purpose is to
analyse the data traffic as a part of a network and, based on this
analysis, decide which packets are allowed to pass through the
network and which packets are to be denied.
- A firewall is designed for a specific
purpose, whereas an access control list (ACL) may
have more than one purpose.
- An ACL checks packets without knowing their
route of origination. It simply analyses each packet without
any idea of where it has come from. Therefore, an ACL performs
stateless inspection.
- Firewalls perform stateful inspection: they
check the type of the packet and also the route of packet
origination.
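The stateless versus stateful distinction above, as an added example that is not part of the original answer: a small Python model that runs the same packets through a static ACL and through a connection-tracking firewall. The rule set, class names and addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the internal network, "in" = arriving

# Constructed stateless rules: (direction, source port, dest port, action).
# First match wins; anything unmatched is denied. Return traffic has to be
# allowed by a static rule, because the ACL keeps no memory of past packets.
ACL_RULES = [
    ("out", None, 443, "permit"),  # internal hosts may reach HTTPS servers
    ("in", 443, None, "permit"),   # inbound packets whose source port is 443
]

def acl_permits(pkt):
    """Stateless: each packet is judged only on its own header fields."""
    for direction, sport, dport, action in ACL_RULES:
        if (pkt.direction == direction
                and sport in (None, pkt.sport)
                and dport in (None, pkt.dport)):
            return action == "permit"
    return False  # implicit deny

class StatefulFirewall:
    """Stateful: inbound packets pass only if they belong to a tracked flow."""
    def __init__(self):
        self.flows = set()

    def permits(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: must be the reverse of a flow opened from the inside.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare(packets):
    """Return (acl_decision, stateful_decision) for each packet in order."""
    fw = StatefulFirewall()
    return [(acl_permits(p), fw.permits(p)) for p in packets]

SAMPLE = [  # constructed traffic
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "out"),  # client request
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "in"),   # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "in"),    # no matching flow
]
```

The third packet is the case that separates the two: the ACL permits it because the header matches a rule, while the stateful firewall drops it because no internal host opened that connection.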
Discuss the
differences between an IDS and an IPS. Discuss two examples of
organizations that might want to implement an IPS over an
IDS.
IPS is an abbreviation for
intrusion prevention system, which is meant to inspect the traffic
flow in a network and block any kind of malicious traffic,
while on the other hand IDS, which is an abbreviation for
intrusion detection system, is meant to detect malicious traffic in
a network. An IPS can be used in large organizations, while on the
other hand an IDS is meant for small organizations that have a small
network.