Both a firewall and a honeypot can function as an IDS. While the firewall's main purpose is typically to establish a barrier between two networks to control traffic, the honeypot is a unique type of IDS providing other functionality. One of your clients has asked you if they need to install both, or will one of them alone provide adequate protection for their network?
Briefly analyze and discuss the benefits and drawbacks of each of the possible configurations (for example, firewall only, honeypot only, both firewall and honeypot) and answer your client's question on the need for both.
Answer a classmate
Hello Professor and Classmates,
A firewall is a device installed between your internal network and the rest of the network. It will filter and forward. Firewalls monitor the flow of traffic between networks and the outside world. They have advantages and disadvantages but should always be used. A firewall is only as good as its configuration.
Advantages
It can block email and combat SPAM.
It can restrict access from both the outside and inside the organization.
It can act as a router of your data between networks.
It can audit and log all traffic.
Disadvantages
It can't protect data through social engineering.
It can't protect against what is allowed or permitted.
It can't stop attacks from traffic that does not go through them.
It can't stop or secure tunneling attempts.
It can be configured so strictly that you lose operational functionality. (People often don't consider the firewall itself your own enemy.)
A Honeypot is a network-attached decoy that lures attackers with data that is irrelevant (it should be!!!) to protect your assets and network and buy you time. Often a honeypot created is a server, application or a database that is loaded with lots of nothing. Large companies and most governments at all levels deploy these to harden their networks. Using a honeypot does work as an IDS because when you realize your data on "how to build a snowman in the desert" is discovered, copied and stolen, you will know there is someone lurking in your network. These can be put outside the firewall of your network. Viewing the audit trails of your honeypot is your IDS. Our infrastructure uses VMs as honeypots since they are easy and cheaper to deploy. My favorite is the Malware Honeypot; it's like a sweet taste of their own medicine dosed back.
Advantages
Fewer false positives
Cheaper than a network or lots of host-based IDS implementations
Captures malice
Disadvantages
Only works when there is an attempt to collect data
Experienced and pro hackers can often recognize when they stumble upon one
It is still a risk, low but still a risk with access
I would suggest implementing both to have protection. I would instruct my client to have inside and outside protection. We should place a Honeypot on the outside and a firewall on the inside. The more armor you have the better.
HONEYPOTS & FIREWALLS
Introduction
Security is one of the major aspects of any system and needs to be well structured and implemented to be effective. Building a secure system simply implies adding several layers of protection to the system. Having these layers of protection will automatically reduce the chances of intrusion by an attacker. This can be done through the implementation of firewalls and a honeypot.
Firewall
A firewall is a security device that may be in the form of hardware or software, which offers protection to your network through filtration of traffic and prohibiting any outsiders from unauthorized access to your resources. It, therefore, acts as a gatekeeper. Some of the advantages of implementing a firewall are that it prevents hacking by monitoring and analyzing network traffic, it stops spyware and virus attacks on your system, and it promotes privacy by helping with access controls from both within and outside the organization. Some of the disadvantages are: both installation and maintenance are costly; they can limit computers’ overall performance, especially if the firewalls are software; they may require special staff to operate them due to their complex operations; and even though they protect the systems from malware attacks, the malware might pass through as trusted data, and therefore it is important to have anti-malware software installed on computers.
Honeypot
On the other hand, a honeypot is a security mechanism that creates a virtual trap to lure attackers. It's normally a virtual machine created to distract the attackers from the sensitive data. Some of the advantages of the honeypot are: the security personnel in the organization can identify the attackers and monitor their patterns; it wastes the attacker's time as he/she struggles to gain access to the wrong resources; and finally, an attacker is likely to get frustrated, which might lead him/her away from accessing the actual data in the system. Some of the disadvantages include: once the honeypot is accessed by the attackers, it could be utilized by them to further their attacks into the systems, and setting up a duplicate of the actual system may require more hardware, which also requires maintenance, thus it is costly. Finally, the honeypot will only detect the activities directed at it, which means if the hacker manages to gain access to the main system, the honeypot will not detect this activity.
Conclusion
In conclusion, I support the answer provided by my classmate which states that “I would suggest implementing both to have protection. I would instruct my client to have inside and outside protection. We should place a Honeypot on the outside and a firewall on the inside. The more armor you have the better.” This is because having several layers of security will always reduce the chances of the organization being compromised. Firewalls will help in the monitoring of traffic in the entire network while the honeypots will not only help the security personnel to identify the attackers but also understand the attackers’ trends and be able to improve the security measures and techniques in existence.
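The "both" configuration discussed above, sketched as detection logic; this is an added example and not part of either post. Any connection to the decoy is treated as an alert, and the firewall's log of all traffic is then used to list which real hosts the same source was allowed to reach, which the honeypot alone cannot see. The log format, the addresses and the decoy IP are constructed for the example.

```python
import re

# Constructed firewall log lines (the format is an assumption for this example).
SAMPLE_LOG = """\
2024-05-01T10:00:01 ALLOW src=10.0.5.23 dst=10.0.1.10 dport=443
2024-05-01T10:00:07 ALLOW src=10.0.5.77 dst=10.0.9.9 dport=445
2024-05-01T10:00:09 ALLOW src=10.0.5.77 dst=10.0.1.20 dport=1433
2024-05-01T10:00:15 DENY src=203.0.113.8 dst=10.0.1.10 dport=22
2024-05-01T10:00:21 ALLOW src=10.0.5.23 dst=10.0.1.20 dport=1433
2024-05-01T10:00:30 ALLOW src=10.0.5.77 dst=10.0.9.9 dport=3389
"""

HONEYPOTS = {"10.0.9.9"}  # hypothetical decoy address; no real service lives here

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse(log_text):
    """Turn log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, action, src, dst, dport = m.groups()
            events.append({"ts": ts, "action": action, "src": src,
                           "dst": dst, "dport": int(dport)})
    return events


def honeypot_alerts(events, honeypots=HONEYPOTS):
    """Flag every source that touched a decoy, then correlate with firewall data.

    Legitimate users have no reason to contact the decoy, so a single hit is
    enough to alert. The firewall log adds what the honeypot cannot see: the
    production hosts that the same source was allowed to reach.
    """
    suspects = {e["src"] for e in events if e["dst"] in honeypots}
    report = {}
    for src in sorted(suspects):
        mine = [e for e in events if e["src"] == src]
        report[src] = {
            "decoy_hits": [(e["ts"], e["dport"]) for e in mine
                           if e["dst"] in honeypots],
            "real_hosts_reached": sorted({(e["dst"], e["dport"]) for e in mine
                                          if e["action"] == "ALLOW"
                                          and e["dst"] not in honeypots}),
        }
    return report


if __name__ == "__main__":
    for src, info in honeypot_alerts(parse(SAMPLE_LOG)).items():
        print(src, info)
```

The denied external source in the sample never appears in the report: the firewall blocked it, but without a decoy hit there is nothing to separate it from background noise.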