Firewall
and antivirus are
mechanized to provide security to our system. Although the vulnerability
is different in both cases. The main difference between Firewall and
Antivirus is that a Firewall ac
Firewall
and antivirus are the
mechanisms to provide security to our systems. Although the
vulnerabilities are different in both cases. The main difference between
Firewall and Antivirus is that a Firewall acts as a barrier to incoming traffic
to the system.
On
the contrary, the antivirus protects against internal attacks such as malicious
files, etc.
Firewall
and Antivirus
functions in different approaches like Firewall emphasize on inspecting the
data flowing from the Internet to the computer. In contrast, an antivirus
emphasizes the inspection steps for malicious programs, such as detection,
identification, and removal.
|
Basis for comparison |
Firewall |
Antivirus |
|
Implemented in |
Both hardware and software |
Software only |
|
Operations carried out |
Monitoring and filtering
(specifically IP filtering) |
Scanning of infected files and
software. |
|
Deal with |
External threats |
Internal and external threats. |
|
The inspection of the attack is
based on |
Incoming packages |
Malicious software residing on a
computer |
|
Counter attacks |
Routing attacks and IP spoofing |
Unable to perform counterattacks
once malware has been removed |
Definition
of firewall
A
firewall can be considered as a standard approach that protects local computing
assets from external threats. A firewall is designed to filter out IP
packets that come from the network to the computer. It is also an
effective way to protect the local system as well as against the network, and
you can simultaneously access the Internet or a wide area network.
Characteristics of
a firewall
· First
of all, it ensures that all traffic coming from the outside to the inside or
vice versa is transferred through it.
· Only
authorized traffic transfer is allowed through the firewall (as described in
the security policy).
· It
uses a reliable system with a secure operating system that makes it robust
against penetration.
Firewall types
· Packet filters
- Packet filters are also called as screening router and screening filter.
The packet filter passes (forwards or drops) the packet after applying a set of
rules and decides based on the result.
Although the security of packet
filters can be breached through IP spoofing, source routing attacks, and small
fragment attacks. The advanced type of packet filters is the dynamic
packet filter and the stateful packet filter.
· Application
Gateway - Also known as the proxy server. Since it behaves as a proxy
or replacement and decides on the flow of traffic at the application level and
hides the source IP from the outside world.
· Input
circuit - It is similar to the application gateway, but has some
additional functionality, such as creating a new connection between itself and
the remote host. It is also capable of changing the source IP address in
packets from the end user IP. This is how you hide the original IP address
of the source.
Limitations
·
Inside
attacks cannot be blocked by the firewall and they are not preventing it
either.
·
It
cannot protect against malicious attacks.
Definition of ANTIVIRUS
An antivirus is application software that
provides security against malicious programs that come from the
internet. However, it is extremely difficult or almost impossible to avoid
them entirely from the internet connected world.
Antivirus follows an approach in which
it performs detection, identification, and removal.
· Detection - On detection, the software is aware
of the malware attack and locates the infected file or program.
·
Identification - After detection, it recognizes
the type of virus.
· Removal - Lastly, the antivirus takes steps to
remove the infected file and all its traces restore the original backup file /
program. If detection completes successfully and identification and removal are
not possible, then Antivirus discards the infected file and reloads the
infection-free backup version.
Several generations of antivirus have
evolved due to the improvement in viruses and antivirus
technology. Previously, this was not the scenario before viruses were
simple snippets of code that were easily identified and removed.
Generations of antivirus.
1.
1st
generation -
These are simple scanners that necessarily needed the virus signature to
determine the particular virus. This type of scan was limited to the
specific virus of the firm. If any "wildcard" viruses arrive,
they didn't work.
2.
2nd
generation -
These antivirus software
programs did not rely on the virus signature but instead used the heuristic
approach to search for the possible virus attack. The approach was to
search for blocks of code that were generally related to viruses.
3.
3rd
generation -
This involves memory-resident antivirus software programs that recognize
viruses based on their activities, rather than structure.
4.
4th
generation -
These software programs combine many antivirus techniques together, such as
scanning, monitoring, etc. They are also known as behavior blocking
software that is incorporated with the computer's operating system and watches
virus-like actions in real time. Every time an uncertain action is
detected, it is blocked, preventing further damage. Emphasizes virus
prevention rather than virus detection.
Limitations
· The
antivirus only
supports CIFS (Common Interface File System) protocol, not NFS file
protocol.
·
It
is practically not feasible to provide virus protection for files that are
simultaneously read as they are written.
·
It
is not possible to perform an anti-virus check on read-only files.
· A
firewall can be used in both software and hardware, while Antivirus can only be
implemented in software.
· The
antivirus performs a scanning operation that also involves detection,
identification and removal. Rather, the firewall monitors and filters
incoming and outgoing packets.
· Firewalls
deal with external attacks only while Antivirus deals with both external and
internal attacks.
· At
the firewall, inspection of the attack relies on incoming packets by applying a
set of rules. On the contrary, in antivirus, infected files and malicious
programs are inspected / scanned.
· IP
spoofing and routing attacks are the techniques that can violate security,
especially in the case of packet filters (type of firewall). On the other
hand, in antivirus,
counterattacks are not possible once a malware is purged.
Conclusion
Firewall and Antivirus appear
similar, providing a mechanism to protect a computer from external and internal
threats. Although the type of attack may differ in both cases.
A firewall prevents untrusted and
unauthorized programs from having access to communicate with the computer, but
it does not perform detection, identification, and removal. Rather, it
restricts and blocks incoming / outgoing traffic from reaching the computer. On
the other hand, the antivirus
detects, identifies and removes malware (malicious program) from the computer.
No comments:
Post a Comment