Homework answers / question archive / Both a firewall and a honeypot can function as an IDS

Both a firewall and a honeypot can function as an IDS

Computer Science

Share With

---

Both a firewall and a honeypot can function as an IDS. While the firewall's main purpose is typically to establish a barrier between two networks to control traffic, the honeypot is a unique type of IDS providing other functionality. One of your clients has asked you if they need to install both, or will one of them alone provide adequate protection for their network?

Briefly analyze and discuss the benefits and drawbacks of each of the possible configurations (for example, firewall only, honeypot only, both firewall and honeypot) and answer your client's question on the need for both.

Answer a classmate

Hello Professor and Classmates,

A firewall is a device installed between your internal network and the rest of the network. It will filter and forward. Firewalls monitor the flow of traffic between networks and the outside world. They have advantages and disadvantages but should always be used. A firewall is as only good as its configuration.

Advantages

It can block email and combat SPAM.

It can restrict access from both the outside and inside the organization.

It can act as a router of your data between networks.

It can Audit and log all traffic.

Disadvantages

It can't protect data through social engineering

It can't protect against what is allowed or permitted.

It can't stop attacks from traffic that does not go through them.

It can't stop or secure tunneling attempts.

It can be configured so strict you lose operational functionality. (People often don't consider the firewall itself your own enemy)

A Honeypot is a network-attached decoy that lures attackers with data that is irrelevant (it should be!!!) to protect your assets and network and buy you time. Often a honeypot created is a server, application or a database that is loaded with lots of nothing. Large companies and most governments at all levels deploy these to harden their networks.Using a honeypot does work as an IDS because when you realize your data on "how to build a snowman in the desert" is discovered, copied and stolen you will know there is someone lurking in your network. These can be put outside the firewall of your network. Viewing the audit trails of your honeypot is your IDS. Our infrastructure uses VMs as honeypots since they are easy and cheaper to deploy. My favorite is the Malware Honeypot, its like a sweet taste of their own medicine dosed back.

Advantages

Less false positives

Cheaper than a network or lots of host based IDS implementation

Captures malice

Disadvantages

Only works when there is an attempt to collect data

Experienced and pro hackers can often recognize when they stumble upon one

It is still a risk, low but still a risk with access

I would suggest implementing both to have protection. I would instruct my client to have inside and outside protection. We should place a Honeypot on the outside and a firewall on the inside. The more armor you have the better.