I don't have any whitepapers or such.  A firewall will restrict access
to selected ports and selected IP addresses to those ports.  An IDS box
looks at all the traffic coming across the wire and matches it to a sig
base.  Why would you want both?  Well, a perfect example is IIS (Web
server - port 80) and things like CMD access attempts, Code Red, Nimda
etc.  On your firewall you allow port 80 because you are running a web
server.  But what if someone was trying to hack your web server?  If you
have an IDS box right AFTER your firewall, you now have the chance to
tell that someone was attempting to break into your web server.
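The point made above (the firewall is a port filter, the IDS sitting behind it is a payload matcher, so only the IDS can tell you that the port-80 traffic you deliberately allowed was hostile) as a small added model. This is example code written for this page, not anything from the original post. The signature patterns are constructed for illustration and stand in for a real IDS rule set; the sample request lines are likewise constructed, modelled loosely on the cmd.exe and default.ida probes the post mentions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Packet:
    dst_port: int
    payload: str  # application-layer data, e.g. the request line of an HTTP request

# Firewall policy: only inbound traffic to the web server on TCP/80 is permitted.
ALLOWED_PORTS = {80}

def firewall_allows(pkt: Packet) -> bool:
    """Port-level filtering only: the firewall never inspects the payload."""
    return pkt.dst_port in ALLOWED_PORTS

# Illustrative signature base (constructed for this example, not a real rule set).
SIGNATURES = [
    ("cmd.exe access attempt", re.compile(r"cmd\.exe", re.IGNORECASE)),
    ("directory traversal", re.compile(r"\.\./|\.\.%5c|%255c", re.IGNORECASE)),
    ("Code Red style default.ida probe", re.compile(r"default\.ida\?N{20,}", re.IGNORECASE)),
]

def ids_alerts(pkt: Packet) -> List[str]:
    """Signature matching over the payload; returns the names of every rule that fires."""
    return [name for name, pattern in SIGNATURES if pattern.search(pkt.payload)]

def process(packets: List[Packet]) -> List[Dict]:
    """Model the topology from the post: firewall first, IDS right after it.

    Traffic the firewall drops never reaches the IDS, so it produces no alert;
    traffic the firewall permits is still inspected and may be flagged.
    """
    results = []
    for pkt in packets:
        allowed = firewall_allows(pkt)
        alerts = ids_alerts(pkt) if allowed else []
        results.append({"port": pkt.dst_port, "allowed": allowed, "alerts": alerts})
    return results

# Constructed sample traffic: one benign request, two hostile port-80 requests
# that the firewall must let through, and one connection to a closed port.
SAMPLE_TRAFFIC = [
    Packet(80, "GET /index.html HTTP/1.0"),
    Packet(80, "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"),
    Packet(80, "GET /default.ida?" + "N" * 200 + "%u9090%u6858 HTTP/1.0"),
    Packet(23, "login: root"),
]

def run_demo() -> List[Dict]:
    return process(SAMPLE_TRAFFIC)

if __name__ == "__main__":
    for r in run_demo():
        verdict = "allowed" if r["allowed"] else "dropped by firewall"
        print(f"port {r['port']}: {verdict}; IDS alerts: {r['alerts'] or 'none'}")
```

Run it and the two hostile requests are reported as allowed (the firewall sees only "port 80, which we permit") yet carry IDS alerts, while the benign request is allowed with no alert and the port-23 attempt is dropped before the IDS ever sees it. That gap between "allowed" and "alerted" is exactly the information a firewall alone cannot give you.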