
Firewall and Honeypot - Architecture and Types

How an intrusion detection system works:

Any network security plan should include an intrusion detection system (IDS) and an intrusion prevention system (IPS). An IDS understands the content of packet headers such as flags, options, IP addresses, and ports. The IDS monitors for intrusions and prevents the intruder from entering the system. An IPS can detect the intrusion at an earlier stage, and it is used to stop the attack from happening. IDS mostly work on the basis of pattern matching and the detection of statistical anomalies.

Intrusion detection Approaches:

There are two types of IDS approaches –

  • Host-based – The software is installed on a single system, and the data from that system is used to detect intrusions. It protects that specific computer. It also monitors the ports and triggers alerts whenever an intrusion occurs on a port.
  • Network-based – It is used to monitor multiple hosts and detect intrusions across multiple systems. Here the IDS also examines the packet headers, which enables detection of DoS attacks.


IDS Tools:

The most popular free IDS is Snort, which performs real-time analysis of IP packets. Other IDS tools are GFI LANGuard S.I.M and Tripwire. There are commercial IDS products such as ISS RealSecure and GFI LANGuard S.E.L.M. Some IDS appliances are IntruShield, Cisco IDS, Top Layer Attack Mitigator IPS, and Proventia IDS.

Architecture of Firewall:

There are different types of firewall architectures, broadly –

  • Packet-filtering firewalls – The packet-filtering firewall creates a checkpoint at a traffic router or switch and checks the incoming data packets passing through the router. A packet is dropped if its header information does not match the rules. These are a traditional type and are easy to bypass.
  • Stateful inspection firewalls – This firewall combines packet inspection with TCP handshake verification to create a higher level of protection. This might slow down the system.
  • Circuit-level gateways – This firewall works by verifying the TCP handshake, ensuring that the session is legitimate and not from an intruder. It does not inspect the packets themselves, though.
  • Application-level gateways (proxy firewalls) – These operate at the application layer to filter incoming traffic between the network and the traffic source. The gateway connects to the source of the traffic and inspects the incoming traffic. They perform deep-layer inspection.
  • Next-gen firewalls – This firewall combines deep-layer inspection, surface-level packet inspection, and TCP handshake checks. They include an IPS to prevent attacks.
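
To make concrete why the text calls packet filtering easy to bypass and what stateful inspection adds, here is an added example in Python (not code from the original article): a stateless filter that judges each packet by its header fields alone, beside a stateful firewall that tracks the TCP handshake. The LAN prefix, the rules and the sample packets are constructed for illustration.

```python
from collections import namedtuple

# src/dst are IP strings, sport/dport ints, flags a frozenset of TCP flag names
Packet = namedtuple("Packet", "src dst sport dport flags")
LAN = "10.0.0."  # hypothetical internal address prefix (assumed)

def stateless_filter(pkt):
    """Packet-filtering firewall: verdict from header fields alone."""
    if pkt.src.startswith(LAN) and pkt.dport == 80:  # outbound web
        return "ALLOW"
    # Replies must get back in, but the filter cannot tell a real reply from any inbound packet with ACK set
    if pkt.dst.startswith(LAN) and pkt.sport == 80 and "ACK" in pkt.flags:
        return "ALLOW"
    return "DROP"

class StatefulFirewall:
    """Same rules, but inbound packets must belong to a session whose handshake this firewall observed."""
    def __init__(self):
        self.sessions = {}  # (client, cport, server, sport) -> state

    def inspect(self, pkt):
        out_key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        in_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.src.startswith(LAN) and pkt.dport == 80:
            if pkt.flags == {"SYN"}:  # client opens a new session
                self.sessions[out_key] = "SYN_SENT"
            elif self.sessions.get(out_key) == "SYN_RECEIVED" and "ACK" in pkt.flags:
                self.sessions[out_key] = "ESTABLISHED"  # handshake complete
            elif out_key not in self.sessions:
                return "DROP"  # data without a handshake
            return "ALLOW"
        state = self.sessions.get(in_key)
        if state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.sessions[in_key] = "SYN_RECEIVED"
            return "ALLOW"
        if state == "ESTABLISHED" and "ACK" in pkt.flags:
            return "ALLOW"
        return "DROP"  # unsolicited inbound packet, whatever its flags say

def compare(packets):
    # returns a (stateless, stateful) verdict pair for each packet, in order
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.inspect(p)) for p in packets]

# Constructed sample traffic: a full handshake from a LAN client, then an inbound
# ACK-only packet aimed at a client port that never opened a session.
SAMPLE = [
    Packet("10.0.0.5", "203.0.113.10", 40000, 80, frozenset({"SYN"})),
    Packet("203.0.113.10", "10.0.0.5", 80, 40000, frozenset({"SYN", "ACK"})),
    Packet("10.0.0.5", "203.0.113.10", 40000, 80, frozenset({"ACK"})),
    Packet("203.0.113.10", "10.0.0.5", 80, 40001, frozenset({"ACK"})),
]
```

Both firewalls pass the three handshake packets; only the stateful one drops the fourth, because no session matches it.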


Honeypot & its Types:

A honeypot is a security mechanism that records all actions, transactions, and interactions with its users. Honeypots are used to track attackers and defend against attacks. Based on deployment type, they are classified into –

  • Production honeypots – Easy to use, but they capture only limited information. They are placed inside production networks to improve security.
  • Research honeypots – Work better at gathering information about attackers. They study the threats facing the organization and try to prevent them. These are complex to deploy and maintain.

Based on design criteria, the honeypots are classified into –

  • Pure honeypots – Activities are monitored through the honeypot’s installed link to the network.
  • High interaction – Multiple honeypots in a single system. More secure and difficult to detect, but expensive to maintain.
  • Low interaction – Simulate only the services that attackers interact with.


About the Author

Lead Penetration Tester

Shivanshu is a distinguished cybersecurity expert and Penetration tester. He specialises in identifying vulnerabilities and securing critical systems against cyber threats. Shivanshu has a deep knowledge of tools like Metasploit, Burp Suite, and Wireshark.