
Antivirus, Firewall, and IDS Comparison


Ahmad Zafar

Bs: IT
Roll No # 45
Information Security
Assignment
Q: Difference between Antivirus, Firewall and Intrusion Detection System?
1: Antivirus
A software program designed to detect, prevent, and remove malicious
software (malware) such as viruses, worms, trojans, and spyware from a computer or
device.

Purpose:

Detects, prevents, and removes malicious software (e.g., viruses, worms, trojans).

Functionality:

• Scans files and programs for known patterns of malicious code (signatures).
• Uses heuristic analysis to detect unknown threats.
• Provides real-time protection to block malware before it executes.
• Scans downloaded files and email attachments.
• Provides scheduled and on-demand scanning.
• Often includes features like ransomware protection and phishing detection.

Placement:

Installed on individual devices (e.g., computers, servers, or smartphones).

Focus:

Malware and viruses.

Types:
• Signature-based
• Heuristic-based
• Behavior-based

Limitation:

Limited to known threats unless equipped with advanced heuristic or AI-based detection.

Cannot prevent attacks coming through network-level vulnerabilities.

2: Firewall
A network security system that monitors and controls incoming and outgoing
network traffic based on predefined security rules, acting as a barrier between trusted and
untrusted networks.

Purpose:

Controls and monitors network traffic based on predefined security rules.

Types:

• Packet Filtering Firewall:

Examines packets and filters them based on rules.

• Stateful Firewall:

Tracks active connections and determines if packets are part of them.

• Application Firewall:

Monitors application-level traffic.

• Next-Generation Firewall (NGFW):

Includes advanced features like deep packet inspection and threat intelligence.

Features:

• Blocks unauthorized access while permitting legitimate communication.
• Can be configured to allow/deny traffic based on IP addresses, ports, or protocols.
• Protects networks from external attacks.
• Blocks or restricts unauthorized access to sensitive data.
• Can be customized with access control lists (ACLs).

Limitation:

Cannot detect or stop internal attacks or malware already inside the system.

Placement:

At the network boundary or on individual devices.

Focus:

Regulating network traffic.

3: Intrusion Detection System
A security system that monitors network or system activity to detect suspicious or
malicious behavior and alerts administrators of potential threats.

Purpose:

Monitors network or system activities to detect suspicious or malicious behavior.

Types:

• Network-based IDS (NIDS):

Monitors network traffic.

• Host-based IDS (HIDS):

Monitors individual devices.

Functionality:

• Passive IDS: Alerts administrators about potential threats without taking direct
action.
• Active IDS (IPS - Intrusion Prevention System): Detects and blocks malicious
activities in real time.
• Identifies unusual traffic patterns or known attack signatures.
• Can work in tandem with firewalls and antivirus for enhanced security.
• Detects attacks like port scans, unauthorized logins, or DoS attacks.

Placement:

Usually deployed at key points in the network.

Focus:

Identifying and alerting on suspicious or unauthorized activity.

Limitation:

Passive IDS does not take action to stop threats.

Prone to generating false positives and false negatives.
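
The port-scan detection and the passive/active distinction described above, as an added Python example that is not part of the original assignment. The threshold, time window, allowlist parameter and all addresses (documentation ranges) are constructed assumptions; the monitoring host shows how a legitimate source produces a false positive.

```python
from collections import defaultdict

# Constructed sample connection records: (timestamp_s, src_ip, dst_ip, dst_port).
# All addresses are documentation-range placeholders, not data from the page.
EVENTS = (
    [(t, "198.51.100.7", "192.0.2.10", 20 + t) for t in range(12)]   # one source, 12 ports in 12 s
    + [(t * 30, "192.0.2.50", "192.0.2.10", 443) for t in range(5)]  # repeat visits to one port
    + [(100 + t, "192.0.2.99", "192.0.2.10", p)                      # legitimate monitoring host
       for t, p in enumerate([22, 25, 53, 80, 110, 143, 443, 993, 3306, 5432])]
)

def detect_port_scans(events, threshold=10, window=60, active=False, allowlist=()):
    """Flag a source that contacts >= threshold distinct ports on one host within window seconds.

    Passive mode only returns alerts; active (IPS-style) mode also returns a block list
    and ignores further traffic from blocked sources.
    """
    recent = defaultdict(list)          # (src, dst) -> [(ts, port), ...] inside the window
    alerts, blocked = [], set()
    for ts, src, dst, port in sorted(events):
        if src in allowlist or src in blocked:
            continue
        hits = recent[(src, dst)]
        hits.append((ts, port))
        # Drop entries that have aged out of the sliding window.
        hits[:] = [(t, p) for t, p in hits if ts - t < window]
        ports = {p for _, p in hits}
        if len(ports) >= threshold:
            alerts.append({"time": ts, "src": src, "dst": dst, "ports": len(ports)})
            hits.clear()                # start counting again after alerting
            if active:
                blocked.add(src)
    return alerts, sorted(blocked)

if __name__ == "__main__":
    for mode in (False, True):
        alerts, blocked = detect_port_scans(EVENTS, active=mode)
        print("active" if mode else "passive", alerts, blocked)
```

Passing `allowlist=("192.0.2.99",)` suppresses the monitoring-host alert, which is the usual tuning step for this kind of false positive.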
