[Snort-users] SNORT vs Firewall

Steve Shockley steve.shockley at ...1658...
Sat Mar 24 23:14:33 EST 2001


> I just wanted to know what's the difference between an IDS like
> Snort and a firewall.

The point of an IDS is to detect when suspicious traffic is passing by;
the point of a firewall is to prevent unauthorized traffic from getting
to its destination.

Comparing it to a house, a firewall would be analogous to a locked door;
however, it's still possible a thief could jimmy open a basement window,
so you don't want to rely only on this.  An IDS outside your firewall is
like having video surveillance; you have a record of suspicious
characters who walk up and knock on your door.  (The problem is picking
out who's suspicious.)  An IDS inside your firewall is like having a
burglar alarm; it's telling you what suspicious traffic successfully
made it past your firewall.

Of course, without monitoring, an IDS is about as useful as a car alarm
in a mall parking lot.





