Friday, 29 April 2016

Understanding Firewall & IDS

Businesses try to protect their resources with a number of tools and devices. It is the job of the ethical hacker to understand how they work so that they can be fortified if found vulnerable after an ethical hacking attack.

Firewall



What is a Firewall?

A firewall is an appliance or an application that controls the flow of traffic from a private network to a public network based on the configured rules. The firewall acts as a barrier between the secured internal network and public networks.
Newer-generation firewalls can do much more than just control network traffic: they can block unwanted websites, stop viruses from being downloaded and also filter spam messages.

What are the functions of a Firewall?

The primary function of a firewall is to control the flow of traffic between different networks.

It also performs Network Address Translation (NAT) for all requests coming from local (LAN) networks going to the Internet, and checks whether the user or host is allowed to access the Internet.
For example, if a web page is requested by a local PC, then that request has to be NATted to a public IP address and approved by the firewall to reach the Internet. The response coming back from the web server has to be accepted by the firewall. Only then can the web page be displayed on the host.

A firewall can also handle Virtual Private Network (VPN) connections to establish a secure communication channel between different networks.

User authentication is also a firewall feature, used to verify users before giving access to resources on other networks.

Intrusion Prevention System


What is IDS?

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
There are network-based (NIDS) and host-based (HIDS) intrusion detection systems.

How does an IDS work?

An intrusion detection system (IDS) has attack signatures provided by the vendor. Every request received by the IDS is compared against all the signatures to identify known attacks.

An IDS also does heuristic analysis to identify malicious traffic patterns, but this requires the IDS to first learn the normal traffic patterns to a specific server or a specific service.
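
The two detection approaches described above, signature comparison and a learned traffic baseline, shown as an added Python example that is not part of the original post. The signature patterns, the request lines and the requests-per-minute figures are constructed for illustration and are not taken from any vendor rule set.

```python
import re
from statistics import mean, pstdev

# Constructed signatures for illustration; real IDS rule sets come from the vendor.
SIGNATURES = {
    "sql-injection": re.compile(r"union\s+select|'\s*or\s+1\s*=\s*1", re.I),
    "path-traversal": re.compile(r"\.\./|\.\.\\"),
    "script-tag": re.compile(r"<\s*script", re.I),
}

def match_signatures(request: str) -> list[str]:
    """Compare one request against every signature; return the names that hit."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(request)]

class RateBaseline:
    """Learns normal requests-per-minute for one service, then flags outliers."""

    def __init__(self, min_samples: int = 5, threshold: float = 3.0):
        self.samples: list[float] = []
        self.min_samples = min_samples
        self.threshold = threshold  # standard deviations above the learned mean

    def learn(self, requests_per_minute: float) -> None:
        self.samples.append(requests_per_minute)

    def is_anomalous(self, requests_per_minute: float) -> bool:
        # Without enough learning data there is no "normal" to compare against.
        if len(self.samples) < self.min_samples:
            return False
        mu = mean(self.samples)
        sigma = pstdev(self.samples) or 1.0  # avoid dividing by zero on flat traffic
        return (requests_per_minute - mu) / sigma > self.threshold

if __name__ == "__main__":
    # Constructed sample requests, as a sensor might see them.
    for line in ["GET /index.html HTTP/1.1",
                 "GET /item?id=1 UNION SELECT name FROM users HTTP/1.1",
                 "GET /static/../../etc/passwd HTTP/1.1"]:
        print(line, "->", match_signatures(line) or "no signature matched")

    baseline = RateBaseline()
    for rpm in [100, 104, 98, 101, 97, 102]:  # constructed learning period
        baseline.learn(rpm)
    print("103 rpm anomalous:", baseline.is_anomalous(103))
    print("450 rpm anomalous:", baseline.is_anomalous(450))
```

A request can match no signature and still arrive at an abnormal rate, which is why the two checks are run side by side.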

SPAN

Switched Port Analyzer (SPAN), also called port mirroring, is a method of transmitting a copy of all packets received on one port of a network switch to another port for analysis.

SPAN has to be configured on the network switch so that the IDS can capture traffic for inspection.

IDS Tools

There are different IDS tools available; the most popular ones are Snort, OSSIM (Open Source Security Information Management) and Sguil.

