Firewall and antivirus are mechanized to provide security to our system. Although the vulnerability is different in both cases. The main difference between Firewall and Antivirus is that a Firewall ac
Firewall and antivirus are the mechanisms to provide security to our systems. Although the vulnerabilities are different in both cases. The main difference between Firewall and Antivirus is that a Firewall acts as a barrier to incoming traffic to the system.
On the contrary, the antivirus protects against internal attacks such as malicious files, etc.
Firewall and Antivirus functions in different approaches like Firewall emphasize on inspecting the data flowing from the Internet to the computer. In contrast, an antivirus emphasizes the inspection steps for malicious programs, such as detection, identification, and removal.
Basis for comparison | Firewall | Antivirus |
Implemented in | Both hardware and software | Software only |
Operations carried out | Monitoring and filtering (specifically IP filtering) | Scanning of infected files and software. |
Deal with | External threats | Internal and external threats. |
The inspection of the attack is based on | Incoming packages | Malicious software residing on a computer |
Counter attacks | Routing attacks and IP spoofing | Unable to perform counterattacks once malware has been removed |
A firewall can be considered as a standard approach that protects local computing assets from external threats. A firewall is designed to filter out IP packets that come from the network to the computer. It is also an effective way to protect the local system as well as against the network, and you can simultaneously access the Internet or a wide area network.
Characteristics of a firewall
· First of all, it ensures that all traffic coming from the outside to the inside or vice versa is transferred through it.
· Only authorised traffic transfer is allowed through the firewall (as described in the security policy).
· It uses a reliable system with a secure operating system that makes it robust against penetration.
Firewall types
· Packet filters - Packet filters are also called as screening router and screening filter. The packet filter passes (forwards or drops) the packet after applying a set of rules and decides based on the result.
Although the security of packet filters can be breached through IP spoofing, source routing attacks, and small fragment attacks. The advanced type of packet filters is the dynamic packet filter and the stateful packet filter.
· Application Gateway - Also known as the proxy server. Since it behaves as a proxy or replacement and decides on the flow of traffic at the application level and hides the source IP from the outside world.
· Input circuit - It is similar to the application gateway, but has some additional functionality, such as creating a new connection between itself and the remote host. It is also capable of changing the source IP address in packets from the end user IP. This is how you hide the original IP address of the source.
Limitations
· Inside attacks cannot be blocked by the firewall and they are not preventing it either.
· It cannot protect against malicious attacks.
Definition of ANTIVIRUS
An antivirus is application software that provides security against malicious programs that come from the internet. However, it is extremely difficult or almost impossible to avoid them entirely from the internet connected world.
Antivirus follows an approach in which it performs detection, identification, and removal.
· Detection - On detection, the software is aware of the malware attack and locates the infected file or program.
· Identification - After detection, it recognizes the type of virus.
· Removal - Lastly, the antivirus takes steps to remove the infected file and all its traces restore the original backup file / program. If detection completes successfully and identification and removal are not possible, then Antivirus discards the infected file and reloads the infection-free backup version.
Several generations of antivirus have evolved due to the improvement in viruses and antivirus technology. Previously, this was not the scenario before viruses were simple snippets of code that were easily identified and removed.
Generations of antivirus.
1. 1st generation - These are simple scanners that necessarily needed the virus signature to determine the particular virus. This type of scan was limited to the specific virus of the firm. If any "wildcard" viruses arrive, they didn't work.
2. 2nd generation - These antivirus software programs did not rely on the virus signature but instead used the heuristic approach to search for the possible virus attack. The approach was to search for blocks of code that were generally related to viruses.
3. 3rd generation - This involves memory-resident antivirus software programs that recognize viruses based on their activities, rather than structure.
4. 4th generation - These software programs combine many antivirus techniques together, such as scanning, monitoring, etc. They are also known as behavior blocking software that is incorporated with the computer's operating system and watches virus-like actions in real time. Every time an uncertain action is detected, it is blocked, preventing further damage. Emphasizes virus prevention rather than virus detection.
Limitations
· The antivirus only supports CIFS (Common Interface File System) protocol, not NFS file protocol.
· It is practically not feasible to provide virus protection for files that are simultaneously read as they are written.
· It is not possible to perform an anti-virus check on read-only files.
· A firewall can be used in both software and hardware, while Antivirus can only be implemented in software.
· The antivirus performs a scanning operation that also involves detection, identification and removal. Rather, the firewall monitors and filters incoming and outgoing packets.
· Firewalls deal with external attacks only while Antivirus deals with both external and internal attacks.
· At the firewall, inspection of the attack relies on incoming packets by applying a set of rules. On the contrary, in antivirus, infected files and malicious programs are inspected / scanned.
· IP spoofing and routing attacks are the techniques that can violate security, especially in the case of packet filters (type of firewall). On the other hand, in antivirus, counterattacks are not possible once a malware is purged.
Conclusion
Firewall and Antivirus appear similar, providing a mechanism to protect a computer from external and internal threats. Although the type of attack may differ in both cases.
A firewall prevents untrusted and unauthorized programs from having access to communicate with the computer, but it does not perform detection, identification, and removal. Rather, it restricts and blocks incoming / outgoing traffic from reaching the computer. On the other hand, the antivirus detects, identifies and removes malware (malicious program) from the computer.
No comments:
Post a Comment