A firewall sold as a dedicated product offers a much higher level of security than one built into an OS or an application. However, it is not effective against every cyber attack. This article introduces the kinds of cyber attacks a firewall cannot prevent.
What is a firewall?
A firewall is often the first thing that comes to mind when considering security products, but what exactly is it and what does it do? Let's review that before looking at how it differs from antivirus software.
Security products that prevent unauthorized access from the outside
A firewall prevents unauthorized access and attacks from external networks. Placed mainly between the external network and the internal network, its main role is to limit communication from the outside and keep the internal environment safe.
Main functions of the firewall
A firewall has three main functions: "filtering", "address translation", and "monitoring". It uses all three to prevent unauthorized access to the internal network.
What is the difference between a firewall and antivirus software?
So far, we have looked at the role and functions of a firewall. So what is the difference between a firewall and antivirus software? The details are explained below.
Firewalls cannot prevent viruses
The big difference between a firewall and antivirus software is whether it can stop viruses.
A firewall checks whether communication is legitimate according to the rules set by the administrator. However, it cannot check whether a file contains a virus. That is why antivirus software is required.
Now let's look at the attacks that firewalls cannot prevent.
Attack (1) Virus
The effects of a virus attack are as follows.
- PC malfunction
- File corruption on PC
- Spread of the virus to other networks
A virus can affect not only your own important information but many other people as well.
Attack (2) Spyware
A spyware attack causes information on the PC to be sent to a third party. Unlike a virus attack, it does not infect other PCs, but there are concerns about the leakage of personal information.
Attack (3) Malware (malicious software)
The following symptoms occur in malware attacks.
- Desktop screen sharing
- Theft of password information
- Program installation
Malware that causes the symptoms above is known as Trojan horses and bots, and these differ in their infection routes and in the damage they cause. Note that antivirus software is required as a countermeasure against these attacks.
What are attacks that require other security products?
So far, we have explained the difference between firewalls and antivirus software in terms of the attacks each can and cannot prevent. Are there similar differences between the attacks a firewall can prevent and those other security products can prevent?
From here, we focus on the attacks that IPS and WAF can prevent and explain how these products differ from firewalls.
Attacks that require IPS / IDS
DoS attack (Denial of Service attack)
- Overload the CPU (Central Processing Unit) and bring the website down
- Exploit security weaknesses and shut down websites
- Generate a huge amount of traffic and slow down processing
SYN flood attack
- A large number of SYN packets are sent and the website is brought down.
A firewall is a security system that audits packets entering and leaving a network based on user-defined rules. Therefore, when the source IP address is spoofed, as in a DoS attack or a SYN flood attack, the firewall cannot detect the attack. Such attacks can be prevented with IPS and IDS.
The function of IPS / IDS is to audit the traffic that has been let through. To use an analogy, a firewall is a barrier between the external network and the internal network, while an IPS / IDS is a gatekeeper or a surveillance camera. Even when someone holds a pass or credential to get through the checkpoint, it can check whether they are misrepresenting their identity and prevent intrusion.
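The contrast described above, as an added example that is not part of the original article: a per-source firewall rule sees nothing unusual when every SYN claims a different source address, while an IDS-style count of handshakes that never complete exposes the flood. The addresses, the per-source limit, the alert threshold and the packet tuple layout are all assumptions, and no time window is modelled.

```python
from collections import Counter

SERVICE = ("203.0.113.10", 443)  # hypothetical published web server

def build_sample():
    """Constructed packets (src, dst, dst_port, flag); not captured traffic."""
    # One legitimate client that completes its handshake.
    pkts = [("198.51.100.7", *SERVICE, "SYN"), ("198.51.100.7", *SERVICE, "ACK")]
    # 200 SYNs, each claiming a different source and never followed by an ACK.
    pkts += [(f"192.0.2.{i + 1}", *SERVICE, "SYN") for i in range(200)]
    return pkts

def firewall_blocked_sources(packets, per_source_limit=5):
    """Rule-based view: allow the published service and block a source only
    when that single address exceeds its own SYN budget (assumed limit)."""
    syns, blocked = Counter(), set()
    for src, dst, port, flag in packets:
        if (dst, port) != SERVICE:
            blocked.add(src)          # not an allowed destination
        elif flag == "SYN":
            syns[src] += 1
            if syns[src] > per_source_limit:
                blocked.add(src)
    return blocked

def ids_half_open_alerts(packets, threshold=100):
    """IDS-style view: count handshakes opened but never completed, grouped
    by destination service regardless of the claimed source address."""
    pending = set()
    for src, dst, port, flag in packets:
        if flag == "SYN":
            pending.add((src, dst, port))
        elif flag == "ACK":
            pending.discard((src, dst, port))
    per_service = Counter((dst, port) for _, dst, port in pending)
    return {svc: n for svc, n in per_service.items() if n >= threshold}

if __name__ == "__main__":
    sample = build_sample()
    print("firewall blocked:", firewall_blocked_sources(sample))
    print("IDS alerts:", ids_half_open_alerts(sample))
```
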
Attacks that require a WAF
SQL injection attack
- Tampering with applications on websites
- Viewers of tampered content are infected with malware (secondary damage)
Cross-site scripting attack (XSS attack)
- A viewer unintentionally executes malicious text, and personal information is leaked.
SQL injection and cross-site scripting are attacks that exploit vulnerabilities in web applications. The security system that counters them is the WAF. XSS attacks in particular are said to be difficult to detect even with IPS / IDS.
In such cases, a WAF is required. A WAF protects against attacks by first decrypting all content via a reverse proxy (a proxy server that relays communication on behalf of the server) and then applying multiple detection mechanisms.
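Why a port-based firewall rule and a WAF reach different verdicts on the same requests, as an added example that is not from the original article: the firewall check looks only at the destination port, while the WAF-style check decodes the request parameters and matches them against signatures. The sample requests are constructed, the two signatures are illustrative assumptions rather than a real rule set, and TLS is assumed to have been terminated already at the reverse proxy.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed requests (src_ip, dst_port, request_target); not real traffic.
SAMPLES = [
    ("198.51.100.7", 443, "/items?id=42"),
    ("198.51.100.8", 443, "/items?id=42%27%20OR%20%271%27%3D%271"),
    ("198.51.100.9", 443, "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("198.51.100.9", 23, "/"),
]

# Illustrative signatures only (assumption); production rule sets are far larger.
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s*'?\d+'?\s*=\s*'?\d+|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b|javascript:", re.I),
}

def firewall_allows(dst_port, allowed_ports=(80, 443)):
    """Header-only decision: the payload is never examined."""
    return dst_port in allowed_ports

def waf_findings(request_target):
    """Decode each query parameter, then match the decoded value."""
    findings = set()
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        for label, pattern in SIGNATURES.items():
            if pattern.search(value):
                findings.add(f"{label}:{name}")
    return sorted(findings)

def evaluate(samples=SAMPLES):
    """Return one verdict per sample, firewall first and WAF second."""
    verdicts = []
    for _src, port, target in samples:
        if not firewall_allows(port):
            verdicts.append("blocked-by-firewall")
            continue
        hits = waf_findings(target)
        verdicts.append("blocked-by-waf " + ",".join(hits) if hits else "allowed")
    return verdicts

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, evaluate()):
        print(sample, "->", verdict)
```
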
The right security system for the right job
Have you gained a better understanding of firewalls? A firewall is the first line of defense protecting your network against unauthorized communication. Each security product has its own suitable range of protection, so you can build strong security by supplementing the parts that a firewall cannot cover.