IDS, Firewall and Antivirus: what do you need to have installed?

What's the difference between IDS, firewalls and antivirus? This guide should explain how they complement each other in a balanced security setup.


Often when we talk about the protective measures installed in devices to ensure safety, we have a wide variety of options from manufacturers and providers. Among them are three that appear to be the most frequently mentioned: IDS, firewall and antivirus.

But for many users, the variety of tools is often confusing, leaving them with questions. Which should they use? For this reason, it is important to know what each tool is, their differences and how they complement each other.

First, the definitions

When we speak about IDS we mean a system that will be in charge of monitoring the behavior of a network to detect and report any unauthorized intrusions, which can affect the integrity of the network. There is also the IPS, a very similar tool that detects intrusions but also has the ability to block or prevent access after its detection.

Additionally, antivirus solutions detect malicious code. A good antivirus solution must also detect when a file exhibits some kind of malicious behavior and disallow its execution, and thus prevent damage or theft of information.

Finally, a firewall is a security tool that lets you control network traffic. Firewalls generally filter network traffic between the Internet and a particular device, and can operate in two different ways: allowing all network packets and blocking only those considered suspect; or denying all packets and allowing only those considered necessary.
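The two firewall modes described above differ most for traffic that nobody wrote a rule for. The following is an added example, not part of the original article: a minimal first-match packet filter evaluated under both default policies. The `Packet`, `Rule` and `decide` names, the rule sets and the sample traffic (documentation address ranges) are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str                        # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src_net: str = "0.0.0.0/0"        # any source unless narrowed
    dst_port: Optional[int] = None    # None matches any port
    proto: Optional[str] = None       # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src_net)
                and self.dst_port in (None, pkt.dst_port)
                and self.proto in (None, pkt.proto))

def decide(pkt: Packet, rules, default: str) -> str:
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Mode 1: allow everything, block only what is considered suspect.
BLOCKLIST = [Rule("deny", dst_port=23, proto="tcp"),
             Rule("deny", src_net="203.0.113.0/24")]
# Mode 2: deny everything, allow only what is considered necessary.
ALLOWLIST = [Rule("allow", dst_port=443, proto="tcp"),
             Rule("allow", src_net="192.0.2.0/24", dst_port=22, proto="tcp")]

# Constructed sample traffic, not captured from a real network.
SAMPLE = [Packet("198.51.100.7", 443, "tcp"),   # web traffic
          Packet("192.0.2.10", 22, "tcp"),      # SSH from the admin range
          Packet("198.51.100.7", 22, "tcp"),    # SSH from anywhere else
          Packet("198.51.100.7", 23, "tcp"),    # telnet, on the blocklist
          Packet("203.0.113.5", 443, "tcp"),    # blocklisted source
          Packet("198.51.100.7", 3389, "tcp")]  # service with no rule at all

def compare(packets):
    # Returns (packet, verdict under mode 1, verdict under mode 2).
    return [(p, decide(p, BLOCKLIST, "allow"), decide(p, ALLOWLIST, "deny"))
            for p in packets]

if __name__ == "__main__":
    for pkt, m1, m2 in compare(SAMPLE):
        print(f"{pkt.src:>13}:{pkt.dst_port:<5} default-allow={m1:<5} default-deny={m2}")
```

The port 3389 packet passes in the first mode and is dropped in the second; conversely, the blocklisted source still reaches port 443 in the second mode because the two rule sets are independent lists, not translations of each other.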

Which one should be installed?

First, it must be noted that the use of each of the tools depends largely on where the system is located and the use made out of it. Furthermore, it is clear that they are complementary to each other.

An IDS monitors the network to detect when a system is engaging in suspicious activity by examining the network traffic and the calls performed in the system. The firewall, by contrast, acts when a connection between two computers via the Internet is not in compliance with the security policies established for the network environment. And the antivirus can control when a device or a particular file server tries to perform malicious activities that may affect the safety of its information.

In this way, a firewall can detect when an external attacker is trying to perform a malicious action, and can then take steps to avoid it. In addition, an antivirus solution provides the tools to prevent a file received via email, via a USB device or downloaded directly from the Internet from running any malicious action that puts the information at risk. And if this computer is on a network, an IDS can monitor the behavior of the other computers and provide an additional layer to detect any malicious activity.

Finally, besides having a good security infrastructure, it is very important to be properly qualified in how to work against these malicious activities and raise awareness among users of new threats. Otherwise, having the best antivirus solution or the most expensive firewall could be useless, if users are not careful about the information they provide on the Internet, or the passwords they are using. Responsible use of the information and devices will allow working environments to be more productive with different technologies in a safer way.

Image Credit: © Nick Stenning / Flickr
