Practically every enterprise network connects to the Internet, but that connection creates some risks. Firewalls can watch the packets entering and exiting a network, comparing them to the security rules for that company, and allow only the types of traffic that the company believes should be allowed. Firewalls take care of a lot of security problems; however, they must allow some traffic through if an Internet connection is to be used for its intended purposes. Hackers can make their packets look like packets that the firewall should allow through, but those packets might be part of an attempt to cause harm to the network. IDSs watch packets passed by the firewall, looking for signatures that identify the known ways for people to cause problems with packets that do pass the firewall. Anti-virus software watches for files that are transferred to a host computer, usually when e-mail is downloaded or when the user uses a web browser. Like IDSs, anti-virus software uses signatures to help identify known viruses. |