User manual
Firewall 
Read on to find out how using an IDS can benefit your network’s security, or skip ahead 
to the Basic or Advanced Intrusion Detection section for an explanation of configuration 
options. 
The benefits of using an IDS 
External attackers attempting to access desktops and servers on the private network 
from the Internet are the largest source of intrusions. Attackers compromise many 
systems through the Internet by exploiting known flaws in operating systems, 
networking software and applications. 
Generally, firewalls are not granular enough to identify specific packet contents that 
signal an attack based on a known system exploit. They act as a barrier, analogous to a 
security guard who screens anyone attempting to enter and dismisses those deemed 
unsuitable, based on criteria such as identification. However, identification may be 
forged. Intrusion detection systems, on the other hand, are more like security systems 
with motion sensors and video cameras. Video screens can be monitored to identify 
suspect behaviour and help to deal with intruders. 
Firewalls are often easily bypassed through well-known attacks. The most problematic 
types of attacks are tunnelling-based and application-based. The former occurs when an 
attacker masks traffic that would normally be screened by the firewall rules by 
encapsulating it within packets corresponding to another network protocol. 
Application-based attacks occur when vulnerabilities in applications can be exploited 
by sending suspect packets directly to those applications. 
These attacks can potentially be detected and prevented using an intrusion detection 
system. 
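The contrast described above, as an added example that is not part of the original manual: a header-only firewall decision next to a content-inspecting check, run over constructed packets. The port policy, signature name, host name and packet contents are assumptions made for illustration and are not this product's rules.

```python
import re

# Assumed firewall policy: only web and DNS traffic may enter.
ALLOWED = {("tcp", 80), ("udp", 53)}

# What a well-formed HTTP request line looks like on port 80.
HTTP_START = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

# Constructed content signature (not taken from any product's rule set).
SIGNATURES = {"path-traversal": re.compile(rb"(\.\./){2,}")}

def firewall_allows(pkt):
    """Header-only decision: protocol and destination port, nothing else."""
    return (pkt["proto"], pkt["dport"]) in ALLOWED

def ids_alerts(pkt):
    """Inspect the payload of traffic the firewall has already passed."""
    alerts = []
    if pkt["dport"] == 80 and not HTTP_START.match(pkt["payload"]):
        # Another protocol is riding on the permitted port (tunnelling).
        alerts.append("protocol-mismatch")
    for name, pattern in SIGNATURES.items():
        if pattern.search(pkt["payload"]):
            # Valid protocol, but the content matches a known bad pattern.
            alerts.append(name)
    return alerts

# Constructed sample traffic.
PACKETS = [
    {"name": "normal-web", "proto": "tcp", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
    {"name": "tunnelled", "proto": "tcp", "dport": 80,
     "payload": b"SSH-2.0-client\r\n"},
    {"name": "app-layer", "proto": "tcp", "dport": 80,
     "payload": b"GET /docs/../../../private/file HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
    {"name": "telnet", "proto": "tcp", "dport": 23, "payload": b"login: "},
]

def evaluate(packets):
    """Return (name, firewall verdict, IDS alerts) for each packet."""
    return [(p["name"], firewall_allows(p),
             ids_alerts(p) if firewall_allows(p) else []) for p in packets]

if __name__ == "__main__":
    for name, allowed, alerts in evaluate(PACKETS):
        print(f"{name:11} firewall={'pass' if allowed else 'drop'} ids={alerts}")
```

The firewall passes the first three packets because they share the same protocol and port; only the payload check separates the normal request from the other two.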
Basic Intrusion Detection and Blocking (IDB) 
Click the IDB tab to configure basic Intrusion Detection and Blocking (IDB). 