|
I don't think it really is a question of one or the other, as they
serve different purposes. First of all, the intrusion-detection systems
typically are passive systems that simply detect problems and perhaps
alert someone. They do not block any traffic, or take active measures
to stop an attack. A properly configured firewall can allow only certain
types of traffic to pass, thus protecting the internal network from
any number of malicious activities.
This is not to say that an IDS is not useful. Many IDS can correlate events
over time and alert someone of an attack in progress. Firewalls tend to
act on each packet without respect to what has happened previously. (This
is an over simplification, as many firewalls can make decisions on what to
let in based on what has gone out. For example, telnet into a secure
network may not be permitted, but if the telnet was initiated from within, then the incoming part of the connection will be allowed.) The point is that an IDS and firewall serve different purposes, and I wouldn't want to see it as a choice between one or the other. However, if you can have only one, I would choose a firewall, as it has a chance of actually stopping an attack, whereas an IDS will only detect and alert.
For more information on this topic, visit these other SearchSecurity.com
resources:
Guest Commentary: IDS and IPS: Information security technology working together
Network Security Tip: Choose the right firewall topology
On-demand webcast: Application-layer firewalling: Raise your perimeter IQ
|
