Why a business needs both a firewall and IDS/IPS to protect security --
- IDS stands for intrusion detection system, and IPS stands for intrusion prevention system.
- IDS -- It is a software application that analyzes and monitors the information systems on the organization's network to identify security breaches, malicious activity and vulnerabilities.
- For example -- Buffer overflow attack.
- IPS -- It is an application that provides a critical layer of defense: it protects and monitors the network against harmful traffic, such as cyber threats, that passes through your firewall.
- IDS/IPS -- Placed behind the firewall, it identifies and catches the thousands of threats that pass through your firewall, and also catches threats that try to leave the network.
- IDS/IPS should be updated regularly, and it should be monitored 24 hours a day.
- IDS/IPS stores the information that needs to be analyzed and reported at a later date.
- By using IDS/IPS (deploying a network IDS), the organization can identify attempts by attackers to compromise systems, data and applications.
- IDS/IPS lets the organization configure internal security policies at the network level.
- For example -- if you are using a VPN, then you can use the IPS to block that traffic.
Specific examples of features a firewall can do but IDS/IPS cannot --
- The IPS identifies and inspects requests and is able to drop, alert on and clean malicious network requests based on their content.
- The firewall blocks traffic based on network information such as IP address, network protocol and network port. It makes its decision based on the state of the network connection.
- IDS/IPS analyzes traffic patterns, whereas a firewall does not.
- Unauthorized traffic is blocked by the firewall.
- In IPS/IDS, unauthorized traffic is detected, and an alert is raised on detection of an anomaly.
- The firewall allows or blocks traffic according to protocol rules.
- In IPS/IDS, the features are signature detection, zero-day attacks, blocking the attack, monitoring, and taking action on anomaly-based detection.
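
The split described in the list above, as an added example (not part of the original answer): a firewall check that looks only at IP address, protocol and port, followed by an IPS check that looks only at content and returns drop or alert. The policy, signature names, size limit and sample packets are constructed assumptions, and connection-state tracking is left out.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str
    protocol: str
    dst_port: int
    payload: bytes

# Hypothetical firewall policy: header fields only (addresses are documentation ranges).
ALLOWED_SERVICES = {("tcp", 80), ("tcp", 443)}
BLOCKED_SOURCES = {"203.0.113.50"}
MAX_FIELD = 256  # assumed upper bound for one header line, in bytes

def oversized_field(payload: bytes) -> bool:
    # A single line far longer than any legitimate field is the shape of a buffer overflow attempt.
    return any(len(line) > MAX_FIELD for line in payload.split(b"\r\n"))

# Hypothetical IPS signatures: (name, content predicate, action).
SIGNATURES = [
    ("oversized-header-field", oversized_field, "drop"),
    ("plaintext-credentials", lambda p: b"password=" in p.lower(), "alert"),
]

def firewall_decision(pkt: Packet) -> str:
    """Decide from IP address, protocol and port; the payload is never read."""
    if pkt.src_ip in BLOCKED_SOURCES:
        return "block"
    return "allow" if (pkt.protocol, pkt.dst_port) in ALLOWED_SERVICES else "block"

def ips_decision(pkt: Packet):
    """Decide from content only; 'drop' outranks 'alert'."""
    hits = [(name, action) for name, match, action in SIGNATURES if match(pkt.payload)]
    actions = {action for _, action in hits}
    verdict = "drop" if "drop" in actions else "alert" if actions else "pass"
    return verdict, [name for name, _ in hits]

def inspect(pkt: Packet):
    """The IPS sits behind the firewall, so it only sees traffic the firewall allowed."""
    if firewall_decision(pkt) == "block":
        return ("block", "firewall", [])
    verdict, names = ips_decision(pkt)
    return (verdict, "ips", names)

# Constructed sample traffic.
NORMAL = Packet("198.51.100.7", "tcp", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
LONG = Packet("198.51.100.7", "tcp", 80, b"GET / HTTP/1.1\r\nX-Field: " + b"A" * 300 + b"\r\n\r\n")
TELNET = Packet("198.51.100.7", "tcp", 23, b"login")
CREDS = Packet("198.51.100.7", "tcp", 80, b"POST /login HTTP/1.1\r\n\r\nuser=a&password=constructed")
```

LONG is the case the firewall alone misses: its address, protocol and port are all permitted, so only the content check stops it.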