Cisco Support Community

IDS/IPS vs firewall

Hello friends,

Can anyone tell me, between IDS/IPS and firewall security, which is preferable, and a few features about why one is better than the other, please?

Re: IDS/IPS vs firewall

With the current network security trend, having a firewall alone will not secure your network entirely. Cisco recommends a layered security model where you have different security devices guarding or providing security at different levels.

IDS/IPS provide deep packet inspection for traversing network traffic. A simple example is spyware embedded in your HTTP/WWW traffic. A firewall alone is not effective and cannot block this. The same goes for detecting malicious content like trojans, hacking scripts and so on.

A firewall, on the other hand, narrows down who can talk to whom via which TCP/UDP service port. But it cannot do the things an IDS/IPS does. Basically, it uses stateful inspection and ACLs to permit/deny access (source/destination IP/ports), plus other features like anti-spoofing and controlling the maximum number of connections and embryonic sessions to servers/resources/clients.

It's recommended to have both in place, either in a pizza box like the Cisco ASA series, where you have the firewall and IPS/SSM services running together, or you can also have them running in separate boxes (depending on requirements).

But if you have limited options and can only choose either a firewall or IDS/IPS, you probably need to get the firewall before IDS/IPS. This at least helps you control access in and out of your network with more advanced features compared to a router.

A firewall like the PIX, however, does have an IDS feature, but it is limited to fewer than 60 well-known signatures only.
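To make the layered argument in the reply concrete, here is an added example (not from the original post or any Cisco product) that models the two layers: a stateful 5-tuple ACL that decides who may talk to whom, and a payload signature check standing in for IDS/IPS deep packet inspection. The ACL entries, the signature byte patterns and the sample packets are all constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes = b""

# Constructed ACL in the spirit of a Cisco ACL: the inside network may open
# web sessions outbound; anything not matched falls through to implicit deny.
ACL = [("permit", "tcp", "10.0.0.0/24", "0.0.0.0/0", 80),
       ("permit", "tcp", "10.0.0.0/24", "0.0.0.0/0", 443)]

# Constructed IPS signatures: byte patterns searched for inside the payload,
# which the ACL never examines.
SIGNATURES = {"constructed-spyware-beacon": b"SPYWARE-BEACON-ID=",
              "constructed-shell-in-body": b"#!/bin/sh"}

class StatefulFirewall:
    """Firewall layer: 5-tuple ACL plus a state table that admits return traffic."""
    def __init__(self, acl=ACL):
        self.acl = acl
        self.sessions = set()  # (src, sport, dst, dport) of permitted outbound flows

    def decide(self, pkt):
        # Return traffic of an established session needs no explicit ACL entry.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "permit"
        for action, proto, src, dst, dport in self.acl:  # first match wins
            if (pkt.proto == proto and pkt.dport == dport
                    and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src)
                    and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst)):
                if action == "permit":
                    self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return action
        return "deny"  # implicit deny at the end of the ACL

def ips_alerts(pkt, signatures=SIGNATURES):
    """IDS/IPS layer: deep packet inspection of the payload bytes."""
    return [name for name, pattern in signatures.items() if pattern in pkt.payload]

def layered_verdict(fw, pkt):
    """Firewall first (who may talk to whom), then IPS on what they actually send."""
    if fw.decide(pkt) == "deny":
        return "deny", []
    alerts = ips_alerts(pkt)
    return ("drop" if alerts else "permit"), alerts
```

The interesting case is a web response carrying a known pattern: the firewall permits it because it belongs to an established outbound session, and only the signature layer stops it.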