[Snort-users] SNORT vs Firewall
steve.shockley at ...1658...
Sat Mar 24 23:14:33 EST 2001
> I just wanted to know what's the difference between an IDS like
> snort and a FIREWALL.
The point of an IDS is to detect when suspicious traffic is passing by;
the point of a firewall is to prevent unauthorized traffic from getting
to its destination.
Comparing it to a house, a firewall would be analogous to a locked door;
however, it's still possible a thief could jimmy open a basement window,
so you don't want to rely only on this. An IDS outside your firewall is
like having video surveillance; you have a record of suspicious
characters who walk up and knock on your door. (The problem is picking
out who's suspicious.) An IDS inside your firewall is like having a
burglar alarm; it's telling you what suspicious traffic successfully
made it past your firewall.
Of course, without monitoring, an IDS is about as useful as a car alarm
in a mall parking lot.