Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
I don't think it really is a question of one or the other, as they serve different purposes. First of all, the intrusion-detection systems typically are passive systems that simply detect problems and perhaps alert someone. They do not block any traffic, or take active measures to stop an attack. A properly configured firewall can allow only certain types of traffic to pass, thus protecting the internal network from any number of malicious activities.
This is not to say that an IDS is not useful. Many IDS can correlate events over time and alert someone of an attack in progress. Firewalls tend to act on each packet without respect to what has happened previously. (This is an over simplification, as many firewalls can make decisions on what to let in based on what has gone out. For example, telnet into a secure network may not be permitted, but if the telnet was initiated from within, then the incoming part of the connection will be allowed.) The point is that an IDS and firewall serve different purposes, and I wouldn't want to see it as a choice between one or the other. However, if you can have only one, I would choose a firewall, as it has a chance of actually stopping an attack, whereas an IDS will only detect and alert.
For more information on this topic, visit these other SearchSecurity.com resources:
This was first published in July 2004