--Originally published at That Class Blog
This entry is not addressed to regular computer users, but rather to engineering students or people interested in network security, as the concepts are not everyday ones. The topic of this entry is enterprise network security.
Virtual Private Network
This first category isn't very complex, as Virtual Private Networks (VPNs) are increasingly used by general users, so I won't say much about it. VPNs are a method used by enterprises to connect to and access an internal network from the outside over a more secure, encrypted network.
Intrusion Detection Systems
The main function of an Intrusion Detection System (IDS) is to help the administrator detect the type of attack being carried out against the system. Usually, the IDS also helps the administrator find and execute a solution to the problem, as well as a plan of action for future detections. These systems trace and record logs, signatures and triggered events. Usually, the IDS is attached to the firewall (which I discuss below) and the network router.
The most popular IDS tools I found are Snort and Cisco Network-Based IDS. Both successfully notify the user in real time of the signatures of attacks made against the network. The main advantages of Cisco IDS are the results obtained in the aftermath of events (reassembly of IPs and TCP sessions) and Cisco's continuous support to the client. Meanwhile, Snort is open source, cheaper to implement (hardware-wise), flexible (it only requires Linux) and has multiple modes in which it can be implemented.
Firewalls
Firewalls, also called Intrusion Detection Devices, are software or applications that work directly at the network layer. As most of us already know, firewalls protect the internal network's users from the rest of the world, and vice versa. The rules set in the firewall can block specific functionality and applications if their port is marked as prohibited. They can also redirect incoming requests from one port to another. When a block or a forward is made, a log is generated so the administrator can oversee the data being affected by the rules. Usually, the firewall is located after the incoming data is processed by the router.
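The rule behaviour described above (block a prohibited port, redirect one port to another, log every block or forward), as an added Python example that is not from the original post or from any firewall product. `Rule`, `Packet`, `Firewall`, first-match rule ordering and pass-by-default are assumptions of the example, and the addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                    # "block" or "forward"
    port: int                      # destination port the rule matches
    to_port: Optional[int] = None  # new destination port for "forward"


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int


class Firewall:
    """Assumed semantics: first matching rule wins, unmatched packets pass."""

    def __init__(self, rules):
        for r in rules:
            if r.action not in ("block", "forward"):
                raise ValueError(f"unknown action {r.action!r}")
            if r.action == "forward" and r.to_port is None:
                raise ValueError("forward rule needs to_port")
        self.rules = list(rules)
        self.log = []  # one entry per block or forward, for the administrator

    def process(self, pkt):
        """Return the port the packet is delivered to, or None if blocked."""
        for r in self.rules:
            if r.port != pkt.dst_port:
                continue
            if r.action == "block":
                self.log.append(f"BLOCK src={pkt.src} dport={pkt.dst_port}")
                return None
            self.log.append(f"FORWARD src={pkt.src} dport={pkt.dst_port} -> {r.to_port}")
            return r.to_port
        return pkt.dst_port  # no rule matched: passes unchanged, nothing logged


def demo():
    # Constructed ruleset; the last rule is shadowed by the forward before it.
    fw = Firewall([Rule("block", 23), Rule("forward", 8080, 80), Rule("block", 8080)])
    traffic = [Packet("203.0.113.7", 23), Packet("198.51.100.4", 8080), Packet("192.0.2.9", 443)]
    return [fw.process(p) for p in traffic], fw.log
```

Because the first match wins, the final `block 8080` rule never fires, which is the kind of ordering mistake the generated log helps an administrator spot.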
As I found out, the most common firewalls are Cisco ASA and Sophos. Overall, I found that people prefer Sophos firewalls, basically because Cisco ASA only works for people who can't get out of the traditional enterprise comfort zone. This means that if you want to implement a less common functionality, ASA won't be enough.
Cisco IDS vs SNORT discussion thread at CISCO support: Cisco IDS vs SNORT.
Firewalls discussion thread at Spiceworks: Sophos vs SonicWall vs Cisco ASA vs Fortinet.