
IDS, Firewall and Antivirus: what you need to have installed?


Batu69


Often when we talk about the protective measures installed in devices to ensure safety, we have a wide variety of options from manufacturers and providers. Among them are three that appear to be the most frequently mentioned: IDS, firewall and antivirus.

But for many users, the variety of tools is often confusing, leaving them with questions. Which should they use? For this reason, it is important to know what each tool is, their differences and how they complement each other.

First, the definitions

When we speak about IDS we mean a system that will be in charge of monitoring the behavior of a network to detect and report any unauthorized intrusions, which can affect the integrity of the network. There is also the IPS, a very similar tool that detects intrusions but also has the ability to block or prevent access after its detection.

Additionally, antivirus solutions will allow detections of malicious code. A good antivirus solution must also detect when a file has some kind of malicious behavior to disallow execution, and thus prevent damage or theft of information.

Finally, a firewall is a security tool that lets you control network traffic. They generally filter network traffic between the Internet and a particular device, and can operate in two different ways: allowing all network packets and only blocking some considered suspect; or by denying all packets, only allowing those that are considered necessary.

Which one should be installed?

First, it must be noted that the use of each of the tools depends largely on where the system is located and the use made out of it. Furthermore, it is clear that they are complementary to each other.

An IDS monitors the network to detect when a system is engaging in suspicious activity by examining the network traffic and calls performed in the system. While the firewall will be set when a connection between two computers via the Internet is not in compliance with established security policies for the network environment. And the antivirus can control when a device or a particular file server tries to perform malicious activities that may affect the safety of its information.

In this way, a firewall can detect when an external attacker is trying to perform a malicious action, and can then take steps to avoid it. In addition, an antivirus solution provides the tools to prevent a file received via email, via a USB device or downloaded directly from the Internet from running any malicious action that puts the information at risk. And if this computer is on a network, an IDS can monitor the behavior of the other computers and provide an additional layer to detect any malicious activity.

Finally, besides having a good security infrastructure, it is very important to be properly qualified in how to work against these malicious activities and raise awareness among users of new threats. Otherwise, having the best antivirus solution or the most expensive firewall could be useless, if users are not careful about the information they provide on the Internet, or the passwords they are using. Responsible use of the information and devices will allow working environments to be more productive with different technologies in a safer way.

Credit to: http://www.welivesecurity.com/
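The two firewall modes described in the post above (allow everything and block only what is suspect, or deny everything and allow only what is needed), as an added example that is not part of the original article. The rules, ports and connection attempts are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    direction: str                # "in" or "out"
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any destination port

    def matches(self, direction, proto, port):
        return (self.direction == direction
                and self.proto in (None, proto)
                and self.port in (None, port))

def decide(rules, default, direction, proto, port):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(direction, proto, port):
            return rule.action
    return default

# Constructed policies for a desktop PC (hypothetical, for illustration).
# Mode 1: allow everything, block only what is listed as suspect.
BLOCKLIST = [Rule("block", "in", "tcp", 23), Rule("block", "in", "tcp", 445)]
# Mode 2: deny everything, allow only what is needed.
ALLOWLIST = [Rule("allow", "out", "tcp", 443), Rule("allow", "out", "udp", 53)]

# Constructed connection attempts: (direction, protocol, destination port).
TRAFFIC = [
    ("in", "tcp", 445),    # inbound SMB, on the block list
    ("in", "tcp", 3389),   # inbound RDP, nobody thought to list it
    ("out", "tcp", 443),   # outbound HTTPS, needed for browsing
    ("out", "udp", 53),    # outbound DNS
    ("out", "tcp", 6667),  # outbound IRC, not needed on this PC
]

def compare(traffic=TRAFFIC):
    """Return (packet, default-allow verdict, default-deny verdict) rows."""
    return [(pkt, decide(BLOCKLIST, "allow", *pkt), decide(ALLOWLIST, "block", *pkt))
            for pkt in traffic]

if __name__ == "__main__":
    for pkt, open_mode, closed_mode in compare():
        print(f"{pkt!s:22} default-allow={open_mode:6} default-deny={closed_mode}")
```

The rows where the two verdicts differ are the traffic nobody wrote a rule for: the default-allow policy passes it, the default-deny policy blocks it.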

stylemessiah

Far too many, end users mostly, get a PC and go through setup of Windows and spend the rest of their lives logged into an account with admin privileges....there's the first issue, not creating a standard user account

Me, I don't use anything but a standard user account, a free AV (and half the time I have this turned off) and an old version of Comodo Firewall (before they ruined the GUI and bloated it to death), and never use the IDS in that even. I have some software restriction rules and that's it. Once every other month I'll scan it with Malwarebytes and then forget about it for another month or two.. Haven't had a virus or nasty in over 15 years.

Sometimes the answer isn't installing yet more crap on a PC, it's setting up and using the PC properly.

Disclaimer: This may not work for 95% of end users who expect to turn on a PC and for it to do all the work for them....as I often say, society is doomed, society is also lazy



> Far too many, end users mostly, get a PC and go through setup of Windows and spend the rest of their lives logged into an account with admin privileges....there's the first issue, not creating a standard user account
>
> Me, I don't use anything but a standard user account, a free AV (and half the time I have this turned off) and an old version of Comodo Firewall (before they ruined the GUI and bloated it to death), and never use the IDS in that even. I have some software restriction rules and that's it. Once every other month I'll scan it with Malwarebytes and then forget about it for another month or two.. Haven't had a virus or nasty in over 15 years.
>
> Sometimes the answer isn't installing yet more crap on a PC, it's setting up and using the PC properly.
>
> Disclaimer: This may not work for 95% of end users who expect to turn on a PC and for it to do all the work for them....as I often say, society is doomed, society is also lazy

There's no IDS in Comodo.

Personally I don't bother about a GUI I'll open… almost never once you have set the program up correctly. Their GUIs were never nice-looking though, but I still regret BlackICE and Tiny Firewall.
