
IDS, IPS and Firewalls

The document provides an overview of network security components including firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and honeypots. It describes the types of firewalls, the function of IDS and IPS in detecting and preventing intrusions, and the role of honeypots in luring attackers. Additionally, it introduces Web Application Firewalls (WAF) and tools like Wafw00f and Nmap for identifying and analyzing web application security measures.

Uploaded by

caden87599

IDS, IPS, Firewall

Firewalls - A firewall is a component used to filter the incoming and outgoing
traffic of a particular network. A firewall has a database of signatures for the
data packets moving into or out of a network. Data packets in the network traffic
that carry malicious content can be blocked by the firewall according to the rule
sets created by a network administrator.
https://youtu.be/aUPoA3MSajU

Types of Firewall :

1. Software Based Firewalls : These are firewalls in the form of an application
or a piece of software that holds rule sets for the inbound and outbound traffic
of a network.

2. Hardware Based Firewalls : A hardware based firewall is a peripheral in the
form of a system box with its own processor. It gives us a configuration panel
and has more advanced features than a software based firewall.

## Demilitarized zone (DMZ)


- It is placed as a neutral zone between a particular company's internal network
and an untrusted external network to prevent outsider access to the company's
private data.
- It adds a layer of security to the corporate LAN by preventing direct access to
the other parts of the network.
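
The rule sets and the DMZ described above can be seen working together in a small first-match packet filter. This is an added example, not part of the original notes; the address ranges, zone names and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (an assumption for this example).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

def zone_of(ip: str) -> str:
    """Map an address to a zone; anything unknown is the untrusted outside."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "allow" or "deny"

# Ordered rule set: the first matching rule wins, anything unmatched is denied.
RULES = [
    Rule("external", "dmz", 443, "allow"),        # public HTTPS to the DMZ web server
    Rule("external", "internal", None, "deny"),   # no direct path from outside to the LAN
    Rule("dmz", "internal", 5432, "allow"),       # DMZ server may reach one database port
    Rule("dmz", "internal", None, "deny"),        # everything else from the DMZ is blocked
    Rule("internal", "external", None, "allow"),  # outbound traffic from the LAN
]

def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule (default deny)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in RULES:
        if r.src_zone == src and r.dst_zone == dst and r.dst_port in (None, dst_port):
            return r.action
    return "deny"

if __name__ == "__main__":
    print(decide("203.0.113.7", "192.168.50.10", 443))  # outside -> DMZ web server
    print(decide("203.0.113.7", "10.0.0.5", 443))       # outside -> LAN
    print(decide("192.168.50.10", "10.0.0.20", 22))     # DMZ -> LAN, non-database port
```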

IDS:
IDS stands for Intrusion Detection System. It is a software or hardware based
program which detects suspicious activity and creates a log for it. It can also
send the logs immediately to the Network Administrator so that they can find out
that there is an intruder in the network.

- Types of IDS
:Network based IDS (NIDS) (these devices are placed in the network in promiscuous mode)
:Host based IDS (it analyzes each system's behaviour)

- Types of IDS alerts

:A false positive state is when the IDS identifies an activity as an attack but the
activity is acceptable behavior.

:A false negative state is the most serious and dangerous state. This is when the
IDS identifies an activity as acceptable when the activity is actually an attack.
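
Both alert states can be reproduced with a small signature matcher run over labelled request lines. This is an added example, not part of the original notes; the two signatures and the sample requests are constructed for illustration. It also shows how decoding the request before matching removes the false negative, while the false positive needs a more precise signature.

```python
import re
from urllib.parse import unquote_plus

# Two illustrative signatures (assumption: written for this example,
# not taken from any real IDS rule set).
SIGNATURES = {
    "sql-keyword": re.compile(r"\bunion\b.+\bselect\b", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed request lines with a ground-truth label: True = real attack.
SAMPLES = [
    ("GET /products?id=1+UNION+SELECT+name,pass+FROM+users", True),
    ("GET /static/../../etc/passwd", True),
    ("GET /search?q=student+union+select+committee", False),  # benign text
    ("GET /download?file=%2e%2e%2fconfig.php", True),          # encoded traversal
    ("GET /index.html", False),
]

def ids_alerts(request: str, decode: bool = False) -> list:
    """Return the names of the signatures that fire on a request line."""
    text = unquote_plus(request) if decode else request
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def score(decode: bool = False) -> dict:
    """Compare alerts with the ground truth and count each outcome."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for request, is_attack in SAMPLES:
        alerted = bool(ids_alerts(request, decode))
        if alerted:
            counts["TP" if is_attack else "FP"] += 1
        else:
            counts["FN" if is_attack else "TN"] += 1
    return counts

if __name__ == "__main__":
    print("raw matching:    ", score(decode=False))
    print("decoded matching:", score(decode=True))
```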

IPS:
IPS stands for Intrusion Prevention System. It acts immediately to stop intruders
who are carrying out malicious and illegal activities in the network or against
its clients.

Honeypots :
A honeypot is a security mechanism designed to lure potential attackers or
intruders into a controlled environment where their activities can be monitored,
studied, and analyzed. The term "honeypot" comes from the idea of using something
sweet (like honey) to attract and trap unwanted visitors (like bees).

Types of honeypots based on their deployment

1. **Low-Interaction Honeypots:**
- Simulate only the surface-level appearance of real systems.

2. **Pure Honeypots:**
- Dedicated systems designed solely for the purpose of being honeypots.

3. **Production Honeypots:**
- Integrated into the actual production network to monitor and divert potential
threats.

What is a Web Application Firewall (WAF) -

It is a technique to provide an extra security layer over web applications by
configuring a Web Application Firewall [WAF].
Examples - Cloudflare, ASPA Firewall, FirePass, FortiWeb, Huawei Cloud Firewall,
HyperGuard, WTS-WAF etc.

Wafw00f is a popular Python program/tool that takes the guesswork of fingerprinting
a website's firewall off your hands. Based on the responses to a series of
carefully crafted web requests, Wafw00f can determine the underlying firewall used
by a service that it probes. It is used to identify the WAF in front of web
applications.

Download Link:- https://github.com/EnableSecurity/wafw00f

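Installation :
#git clone https://github.com/EnableSecurity/wafw00f.git
#cd wafw00f
#chmod 777 *
#python setup.py install

Note: chmod 777 * makes every file in the directory world-writable and is not
needed for setup.py to run; the step can be skipped.

Commands :

#wafw00f -l                          (list the WAFs that Wafw00f can detect)
#wafw00f https://www.domain.com      (check the site for a WAF)
#wafw00f -a https://www.domain.com   (report all matching WAFs, not only the first)
#wafw00f -v https://www.domain.com   (verbose output)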

Nmap : A network scanner. Here it is used to check the web ports and to run its
scripts that detect and fingerprint a WAF.

Commands :

#nmap -p 80,443 <ip address/ domain.com>


#nmap -p 80,443 --script=http-waf-detect <ip address/ domain.com>
#nmap -p 80,443 --script=http-waf-fingerprint <ip address/ domain.com>
