The combination of hardware and software that selectively allows communication between a computer and a network is known as a firewall (Fithen, Allen & Stoner, 1999). It inspects traffic during network communication and blocks or permits passage depending on a given set of rules. The term Intrusion Detection and Prevention Systems (IDPS) refers to both Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
Intrusion Detection is a process of monitoring the activities occurring in a computer network and determining if they are in violation of standard security policies. The software that automatically carries out the process is known as IDS. IPS is able to carry out the intrusion detection process and can try to stop the intrusion/violation (Scarfone & Mell, 2007).
Various firewall arrangements can be used for multitier applications accessible from the World Wide Web and from an internal network. Multitier web applications of moderate complexity are segmented into three tiers.
The first tier is made up of the presentation components that are accessible directly by end users. The second tier is composed of middleware components that execute the end users’ requests. End users cannot access them directly. The third tier consists of data components. They are the most sensitive and are hosted by databases or directory servers.
Firewall deployment is based on three strategies. The first is the single firewall strategy, which is used to protect all three tiers from the internet and the internal network. All communication going in and out of the three tiers passes through a single firewall. The firewall offers equal protection to all the servers, but it can subdivide the network into different subnets and offer the subnets different protection levels.
The firewalls-in-series strategy deploys several firewalls to eliminate reliance on a single firewall. The firewalls are deployed one behind another, so the more sensitive tiers sit behind more firewalls. For example, the data components tier would be behind both the firewall protecting it and the one protecting the middleware and presentation components. The last strategy is the hybrid strategy, which uses only two firewalls.
Either presentation servers and middleware servers or data servers and middleware servers are grouped together. Although two tiers are grouped together, they remain on dedicated subnets. In the first grouping, presentation servers and middleware servers are behind one firewall while data servers are behind two firewalls. All firewall arrangements are on the internal side of a router.
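To make the firewalls-in-series arrangement concrete, here is an added example (not from the cited sources) that models the three tiers as ordered zones with one default-deny firewall between each adjacent pair and checks which firewalls a flow crosses and which of them would drop it. The zone subnets, firewall names (fw1 to fw3) and allowed ports are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Tiers ordered from outermost to most sensitive; in the "firewalls in series"
# arrangement one firewall sits between each adjacent pair. Subnets are constructed.
ORDER = ["internet", "presentation", "middleware", "data"]
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "presentation": ipaddress.ip_network("10.1.0.0/24"),
    "middleware": ipaddress.ip_network("10.2.0.0/24"),
    "data": ipaddress.ip_network("10.3.0.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src: str   # source zone
    dst: str   # destination zone
    port: int  # destination TCP port

# Each firewall's allow list; any flow not listed is dropped (default deny).
# fw1 sits between internet and presentation, fw2 between presentation and
# middleware, fw3 between middleware and data (hypothetical names/ports).
FIREWALLS = {
    "fw1": {Rule("internet", "presentation", 443)},
    "fw2": {Rule("presentation", "middleware", 8080)},
    "fw3": {Rule("middleware", "data", 5432)},
}

def zone_of(ip: str) -> str:
    """Longest-prefix match so 10.x hosts are not swallowed by 0.0.0.0/0."""
    addr = ipaddress.ip_address(ip)
    matches = [z for z, net in ZONES.items() if addr in net]
    return max(matches, key=lambda z: ZONES[z].prefixlen)

def firewalls_crossed(src_zone: str, dst_zone: str) -> list[str]:
    """Firewalls a packet traverses between two tiers, in path order."""
    i, j = ORDER.index(src_zone), ORDER.index(dst_zone)
    lo, hi = sorted((i, j))
    path = [f"fw{k}" for k in range(lo + 1, hi + 1)]
    return path if i < j else path[::-1]

def evaluate(src_ip: str, dst_ip: str, port: int) -> tuple[bool, list[str]]:
    """Return (permitted, firewalls that would drop the flow on their own).
    Stateless model: reply traffic is not considered."""
    rule = Rule(zone_of(src_ip), zone_of(dst_ip), port)
    crossed = firewalls_crossed(rule.src, rule.dst)
    denied = [fw for fw in crossed if rule not in FIREWALLS[fw]]
    return (not denied, denied)
```

A direct internet-to-data flow is dropped independently by all three firewalls, which is the defence-in-depth property the series arrangement buys; a misconfiguration on the outer firewall alone does not expose the data tier.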
IPS is always deployed inline, while IDS can be deployed inline or out-of-band. When connected out-of-band, it uses a hub, a spanning port or a network tap. Deploying both IPS and IDS is more beneficial; to do this, a router must be introduced. The IPS is connected on the external side of the router and the IDS on the internal side of the router, either inline or out-of-band (Pappas, 2008). The IDS placed on the inside section of the edge router allows analysis of communication within the internal network.
The use of firewalls and IDPS is beneficial. Firewalls block network traffic that may violate the security policy of an organization. Such traffic may include viruses, spam, email bombs and unwanted material. IDPS detect and stop malicious incidents that would compromise the security of a given computer system. They can detect when an attacker has compromised the system and stop suspicious file transfers. By identifying reconnaissance activities, they can prevent imminent future attacks.
Fithen, W. L., Allen, J. H., & Stoner, E. (2008). Deploying firewalls. Software Engineering Institute. Web.
Pappas, N. (2008). Network IDS and IPS deployment strategies. SANS Institute. Web.
Scarfone, K., & Mell, P. (2007). Guide to intrusion detection and prevention systems (IDPS). Computer Security Resource Center. Web.