Change search
ReferencesLink to record
Permanent link

Direct link
An Analysis and Comparison of The Security Features of Firewalls and IDSs
Linköping University, Department of Electrical Engineering.
2011 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

In last few years we have observed a significant increase in the usage of computing devices and their capabilities to communicate with each other. With the increase in usage and communicating capabilities the higher level of network security is also required. Today the main devices used for the network security are the firewalls and IDS/IPS that provide perimeter defense. Both devices provide many overlapping security features but they have different aims, different protection potential and need to be used together. A firewall is an active device that implements ACLs and restricts unauthorized access to protected resources. An IDS only provides information for further necessary actions, not necessarily perimeter related, but some of these needed actions can be automated, such as automatic blocking in the firewall of attacking sites, which creates an IPS. This thesis report analyzed some common firewall and IDS products, and described their security features, functionalities, and limitations in detail. It also contains the comparison of the security features of the both devices. The firewall and IDS perform different functions for the network security, so they should be used in layered defense architecture. The passwords, firewalls, IDSs/IPSs and physical security all together provide a layered defense and complement each other. The firewall and IDS alone cannot offer sufficient network protection against the network attacks, and they should be used together to enhance the defense-in-depth or layered approach.

Place, publisher, year, edition, pages
2011. , 87 p.
Keyword [en]
Firewall, Intrusion Detection, Anomaly, Access Control, Packet Inspection, Signatures, IDS
National Category
Computer Systems
URN: urn:nbn:se:liu:diva-72934ISRN: LiTH-ISY-EX--11/4537--SEOAI: diva2:463786
Subject / course
Information Coding
2011-12-08, Algoritmen, B 27-29, Linköping University, Linköping, 13:15 (English)
Available from: 2011-12-19 Created: 2011-12-11 Last updated: 2011-12-19Bibliographically approved

Open Access in DiVA

fulltext(1793 kB)2359 downloads
File information
File name FULLTEXT02.pdfFile size 1793 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Sulaman, Sardar Muhammad
By organisation
Department of Electrical Engineering
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 2359 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 757 hits
ReferencesLink to record
Permanent link

Direct link