Firewalls, IDS, IPS and Nmap

To prevent unauthorized access and malicious attacks on a network system,
administrators have a few options in their arsenal. Firewalls and Intrusion
Detection/Prevention Systems are the main line of defense in this situation.
These defenses are effective when configured properly. However, every defense
has its weaknesses. Understanding the limitations of these systems is crucial
for attackers and defenders alike. The goal of this essay is to explore these
systems and the role they play, and to show how Nmap, a powerful network
scanning tool, can be used to test these defenses and identify potential
weaknesses.

Firewalls can be software or dedicated hardware devices that monitor network
traffic and filter packets based on predefined rules. These rules can be based
on IP addresses, ports, or protocols. For example, ICMP is often filtered to
thwart scanning tools. An Intrusion Detection System is similar in design, but
there are two main differences. First, it does not prevent packets from being
sent; rather, it notifies the security team or system administrator of
anomalies. Secondly, it is much more advanced and looks at the overall traffic,
searching for known patterns or suspicious activities. An Intrusion Prevention
System is a mix of both: not only does it look at the traffic as a whole for
known patterns or suspicious behavior, it also blocks or drops packets like a
firewall.

These tools are a great defense if used properly. To use them properly you
must have well-thought-out rules and keep them up to date. Overly permissive
rules can inadvertently expose sensitive information. IDS and IPS need to be
kept up to date to make sure they have the latest attack signatures and
anomaly detection. These devices also have their limitations. One example is
encrypted traffic: if the data packets are encrypted, the contents cannot be
inspected, only the metadata can. These devices can also affect network
performance. Like security screening at the airport, if you have a lot of
packets coming in and each one needs to be inspected, it can create a
bottleneck. There is also always the possibility of a false negative or a
false positive, meaning that regular maintenance and testing are important to
keeping your devices working at peak performance.
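The firewall, IDS and IPS behaviors described above, and the encrypted-traffic
limitation, in one small simulation. This is an added illustration, not code
from the essay; the rule set, the signatures and the sample packets are all
constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    """One firewall rule: match on protocol, destination port and/or source network."""
    action: str                     # "allow" or "deny"
    proto: "str | None" = None      # "tcp", "udp", "icmp"; None matches any protocol
    dport: "int | None" = None      # None matches any destination port
    src: "str | None" = None        # source CIDR; None matches any address

    def matches(self, pkt: dict) -> bool:
        in_src = self.src is None or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
        return self.proto in (None, pkt["proto"]) and self.dport in (None, pkt.get("dport")) and in_src

# Constructed rule set (hypothetical): web in, SSH only from the management net, ICMP dropped.
RULES = [Rule("deny", proto="icmp"), Rule("allow", proto="tcp", dport=443),
         Rule("allow", proto="tcp", dport=80), Rule("allow", proto="tcp", dport=22, src="10.0.0.0/8")]

def firewall(pkt: dict, rules, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched gets the default (deny) action."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed payload signatures the IDS/IPS looks for in cleartext traffic.
SIGNATURES = {"path-traversal": b"../..", "shell-probe": b"/bin/sh"}

def inspect(pkt: dict) -> list:
    """Signature match on the payload; an encrypted payload cannot be inspected, only its metadata."""
    if pkt.get("encrypted"):
        return []
    return [name for name, pat in SIGNATURES.items() if pat in pkt.get("payload", b"")]

def process(pkt: dict, rules, mode: str = "ids"):
    """Firewall first; then IDS (alert and forward) or IPS (alert and drop), selected by mode."""
    if firewall(pkt, rules) == "deny":
        return "dropped by firewall", []
    alerts = inspect(pkt)
    if alerts and mode == "ips":
        return "dropped by IPS", alerts
    return "forwarded", alerts

# Constructed sample packets: an ICMP probe, a TLS session, and a cleartext HTTP request.
ICMP_PROBE = {"proto": "icmp", "src": "203.0.113.5"}
TLS_PKT = {"proto": "tcp", "dport": 443, "src": "203.0.113.5", "encrypted": True, "payload": b"\x17\x03\x03"}
HTTP_PKT = {"proto": "tcp", "dport": 80, "src": "203.0.113.5", "payload": b"GET /img/../../config HTTP/1.1"}
```

Running `process(HTTP_PKT, RULES, mode="ips")` drops the request while the same
packet in IDS mode is forwarded with an alert, and the TLS packet passes both
modes uninspected.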