[Snort-users] difference between the capability of snort and a dynamic firewall!??!?!!?

McCammon, Keith Keith.McCammon at ...3497...
Wed Aug 14 07:32:03 EDT 2002


Firewalls and IDS are fundamentally different safeguards.

The primary function of a firewall is to act as a network gateway, and to pass or drop traffic based on policy. 

The primary function of an IDS is to monitor traffic and/or logs and to send administrative alerts and/or log traffic based on policy.

Either one can be tied to the other.  Some IDS do have active response capability, in that they can respond to an alert by modifying firewall rules or resetting TCP connections.  Some firewalls also have IDS capability, but this is rare in comparison to IDS w/ active response.

In general, it's much better to have two independent systems.  The main reason for this is performance: The primary functions of an IDS are inspection and alerting; the primary functions of a firewall are inspection and routing.  And while these may seem to be very similar, they are really very different.

Just because some of the functionality may seem to overlap doesn't always mean that two independent systems should be combined.

Hope this helps...

Cheers

Keith

> -----Original Message-----
> From: funky [mailto:azimlinux at ...131...]
> Sent: Wednesday, August 14, 2002 9:32 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] difference between the capability of 
> snort and a
> dynamic firewall!??!?!!?
> 
> 
> 
> Hi,
> 
> What's the fundamental difference between Intrusion
> Detection Systems and a firewall!?!?!?
> 
> - I know that we can log the attempts that match
> the rules with snort and later if you see an
> attack in the log, you can add some rules related to the
> firewall
> - we can look at the content (we can do that in
> dynamic(proxy) firewalls also!!)
> - We can make a dynamic rule match, what is it
> for?!?!? There aren't any dynamic rules in the standard
> ruleset!?!??! Is it a difference from a standard
> firewall?!?! if, what!??!
> 
> thanx
> 
> funky
> Istanbul
> 