- Firewall - A device or application that analyzes packet headers and enforces policy based on protocol type, source address, destination address, source port, and/or destination port. Packets that do not match policy are rejected.
- Intrusion Detection System - A device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated detailing the event.
- Intrusion Prevention System - A device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected, the packet is rejected.

The line is blurring somewhat as technological capacity increases, platforms are integrated, and the threat landscape shifts.
- Firewall - a traditional firewall is the rules-based engine that analyzes the packet header on protocol type, source address, destination address, source port, and/or destination port. If the packets do not match the firewall rules, they will be dropped. There is something called a Next Generation Firewall (NGFW). This can make a single device act as both a traditional firewall and an IPS.
- Intrusion Detection System (IDS) - An IDS is designed to analyze whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated detailing the event. The IDS contains a database of known attack signatures and compares the inbound traffic against the database. If an attack is detected, then the IDS reports the attack. The main function of an IDS product is to warn you of suspicious activity taking place, but not to prevent it. The major flaw is that they produce a lot of false positives.
- Intrusion Prevention System (IPS) - The IPS sits between your firewall and the rest of your network, so it can stop the suspected traffic from getting to the rest of the network. The IPS monitors the inbound packets and what they are really being used for before deciding to let the packets into the network. An IPS will inspect the content of the request and be able to drop, alert, or potentially clean a malicious network request based on that content. The determination of what is malicious is based either on behaviour analysis or on signatures.
- A firewall is a rule-based engine, but an IDS also uses its own huge database to detect intrusions. An IDS evaluates a suspected intrusion once it has taken place and warns the administrator. An IDS also watches for attacks that originate from within a system. An IDS is not a replacement for a firewall or a good antivirus program. An IDS should be considered a tool to use in conjunction with your standard security products (like anti-virus and a firewall) to increase your system-specific or network-wide security. So, I hope we can’t replace an IDS device with a firewall.
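Both answers above draw the same three-way distinction: a firewall decides on header fields only, an IDS reads the payload and logs, and an IPS reads the payload and drops. The following Python script is an added example that models those three decision points side by side; it is not code from either answer. The rule set, the signature patterns (`X-Constructed-...` markers standing in for real signature content) and the sample packets are all constructed for the demonstration. The last packet shows the false-positive problem the second answer mentions: benign text that merely quotes a signature pattern gets the same verdict as the real thing.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal packet: header fields plus raw payload (constructed, not a real capture)."""
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes = b""


# --- Firewall: header-only policy, first matching rule wins, default reject ---
# Hypothetical rule set: each rule lists header fields that must match; omitted fields match anything.
FIREWALL_RULES = [
    {"proto": "tcp", "dport": 80},
    {"proto": "tcp", "dport": 443},
    {"proto": "udp", "dport": 53},
]


def firewall(pkt: Packet) -> str:
    """Return 'allow' if any rule matches the header, else 'reject'. The payload is never read."""
    for rule in FIREWALL_RULES:
        if all(getattr(pkt, field) == value for field, value in rule.items()):
            return "allow"
    return "reject"


# --- Signature database shared by the IDS and the IPS ---
# Constructed placeholder patterns; a real sensor ships thousands of such signatures.
SIGNATURES = {
    "SIG-1001": b"X-Constructed-Exploit-Marker",
    "SIG-1002": b"X-Constructed-Scanner-Banner",
}


def match_signatures(pkt: Packet) -> list[str]:
    """Payload inspection: ids of every signature whose pattern appears in the payload."""
    return [sid for sid, pattern in SIGNATURES.items() if pattern in pkt.payload]


def ids(pkt: Packet, log: list[str]) -> str:
    """IDS: inspects header + payload, writes one alert per hit, never blocks."""
    for sid in match_signatures(pkt):
        log.append(f"ALERT {sid} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
    return "pass"  # out-of-band sensor: the packet always continues


def ips(pkt: Packet, log: list[str]) -> str:
    """IPS: same inspection, but a hit rejects the packet in-line."""
    hits = match_signatures(pkt)
    if hits:
        log.append(f"DROP {','.join(hits)} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "reject"
    return "pass"


def inline_path(pkt: Packet, log: list[str]) -> str:
    """Firewall in front of the IPS, the placement the second answer describes."""
    if firewall(pkt) != "allow":
        return "rejected_by_firewall"  # header policy decides; payload never inspected
    if ips(pkt, log) == "reject":
        return "rejected_by_ips"  # header was fine, payload matched a signature
    return "delivered"


def run_demo() -> dict[str, str]:
    """Constructed traffic showing which layer makes each decision."""
    web = ("tcp", "198.51.100.7", "192.0.2.10", 51000, 80)
    packets = {
        "benign_web": Packet(*web, payload=b"GET /index.html HTTP/1.1\r\n"),
        # Port 23 is not in the rule set: dropped by the firewall regardless of payload.
        "telnet": Packet("tcp", "198.51.100.7", "192.0.2.10", 51001, 23, payload=b"login: admin"),
        # Allowed port, but the payload carries a signature pattern: IDS would alert, IPS drops.
        "exploit_web": Packet(*web, payload=b"POST /api HTTP/1.1\r\n\r\nX-Constructed-Exploit-Marker"),
        # Benign forum post that only quotes the pattern: same verdict, i.e. a false positive.
        "false_pos": Packet(*web, payload=b"POST /forum HTTP/1.1\r\n\r\nhow do I tune rule X-Constructed-Exploit-Marker?"),
    }
    log: list[str] = []
    verdicts = {name: inline_path(p, log) for name, p in packets.items()}
    for line in log:
        print(line)
    return verdicts


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:12s} -> {verdict}")
```

The IDS and IPS share `match_signatures` on purpose: the detection logic is identical, and the only difference is whether the result is a log line or a drop. Tuning out the `false_pos` case is the ongoing work a signature-based sensor creates, which is why the second answer lists false positives as the major flaw.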