Question

You are an IT company and want to get a travel agency's network design, hardware, software, and security. What’s the difference between IDS and Firewall? What is a promiscuous mode in IDS? What is an in-line mode in IDS? When is appropriate to use one or the other in your network? Specific to a travel agency what firewall & IDS vendors’ such as Palo Alto Networks, Check Point, Cisco, etc., and select product(s) suitable for the travel agency. Justify your selection.

NOTE Please be specific to a travel agency.

Answer 1

Dear Student,

• A firewall will block the access to your network by screening traffic and deciding which packets should be allowed in.
• The experts compare it to a security guard deciding who can get clearance.
• The firewall monitors the ports that connect your network to the Internet and checks data packets before allowing them to pass through.
• A firewall can accept a packet, drop it -- erasing it from existence -- or deny it, returning it to the sender.

V/S

• If firewalls are security guards, intrusion detection systems (IDS) are security cameras.
• An IDS monitors traffic and spots patterns of activity, alerting you if it sees that your network is under attack.
• Signature detection compares network or system information to attacks already listed in the IDS database.
• Anomaly detection compares current network traffic to the normal levels of packet size or activity and analyzes the result statistically.
• If network traffic suddenly shoots up to a high level, for instance, that could indicate a hacking attack.

PROMISCOUS MODE :

• In a IDS, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety.
• This mode of operation is sometimes given to a network snoop server that catch and saves all packets for analysis (for example, for monitoring network usage).
• In an Ethernet local area network (LAN), promiscuous mode is a mode of operation in which every data packet transmitted can be received and read by a network adapter
• Promiscuous mode must be supported by each network adapter as well as by the input/output driver in the host operating system. Promiscuous mode is often used to monitor network activity.

IN-LINE MODE :

• In inline mode, traffic passes into one of the appliance’s Ethernet ports and out of the other.
• When two sites with inline appliances communicate, every TCP connection in between them is accelerated. All other traffic is passed through transparently, as if the appliance were not there.
• Configuration is lowered with inline mode, because your WAN router need not be aware of the appliance’s existence.
• Depending upon the configuration, inline mode’s link-down propagation can affect management access to the appliance if a link goes down.
• Inline mode is most effective when applied to all traffic flowing into and out of a site, but it can be used for only some of the site’s traffic.

(BASED ON THIS THEORY, The Travel Agency can select the appropriate Systems as per the requirement )

Hope This Helps.

All The Best