What’s the difference between Intrusion Detection and Firewall?

Intrusion Detection and Prevention Systems are commonly mistaken for a firewall or as a substitute for a firewall. While they both relate to network security, there is a big difference.  An IDPS is not a replacement for either a firewall or a good antivirus program. Rather, it is used in conjunction with your standard security products to increase your system specific or network-wide security.

A firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network.   When you have inbound Internet traffic, at some point you will have to open a hole through your firewall.

An Intrusion Detection and Prevention System evaluates a suspected intrusion once it has taken place, signals an alarm, and makes attempts to stop it. It watches for attacks specifically designed to be overlooked by a firewall’s filtering rules.

An IDP has a database of signatures of attacks on specific applications. To protect your network, we configure the IDP to the specific applications that you need to let into your network from the Internet. When an attacker attempts to access your server using a signature attack from our database, the attack is stopped and logged. Therefore, the key to a successful IDP installation is that it has a large signature database and that database is updated on a regular basis.

Juniper IPD Products

The Juniper hardware IDP products we use support a database with thousands of attack signatures. Juniper delivers IDP signatures via two different product vehicles. One is a software license and add-on to their firewall product line. This IDP is called Deep Inspection. It provides a database of approximately 250 – 500 signatures for the most common servers that small and medium sized businesses implement.  The second is a hardware IDP platform. This IDP runs on its own dedicated server.

Find more details abut our security products on our Security Products page.