Why is an antivirus alone not enough?
A firewall is a device or piece of software designed to protect against unauthorised access to the network by filtering incoming and outgoing connections. Firewalls detect incorrect connections and block them.
Every packet sent over the web comprises two parts: a header and a data payload, i.e. the actual content of the packet. The packet header contains the information necessary to deliver the packet from the sender to the recipient. The payload, on the other hand, is the content that is to be sent in the packet. For better visualisation, this can be compared to sending a package. The packaging (header) carries the basic information about the addressee, sender and the shipment method, while inside is the content (payload).
Packets going through a firewall are analysed for information contained in the header. The firewall can check basic information about the packet, i.e. where it is being sent from and to, or what port is being used in the communication. After filtering the packet header, the firewall determines whether this traffic should be blocked. If the traffic is consistent with previously set communication rules, the connection is allowed to pass through.
The firewall only inspects packet headers; it does not analyse their contents. This can result in sensitive content getting through the barrier.
Packet analysis by IPS
Network protection is complemented by an intrusion prevention system. Similarly to a firewall, the IPS inspects packets sent in the network for the content of their headers, but also has a mechanism enabling it to penetrate the packet and analyse its payload. This enables inspecting the interior of transmitted packets.
The IPS checks the entire packet, i.e. the header and the payload. If a packet is incorrectly constructed, or dangerous content is present in its payload, the system blocks the connection.
Firewall is not enough
The Intrusion Prevention System performs a complete traffic analysis (from layer 3 to 7 of the ISO/OSI model). This way it is able to detect whether the transmitted data packet should be allowed through or blocked because it poses a danger to the network. In situations when a firewall allows dangerous connections, an IPS becomes the only barrier protecting the network against attacks.
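The difference between the two decisions described above can be shown on a few constructed packets. This is an added example, not code from the article or from any product; the rule set, the addresses, the marker string and all function names are assumptions made for illustration.

```python
import socket
import struct

# Constructed policy (assumptions, not taken from the article).
ALLOWED_DST_PORTS = {80, 443}
BLOCKED_SRC = {"203.0.113.66"}
SIGNATURES = [b"CONSTRUCTED-BAD-MARKER"]  # harmless stand-in for an IPS signature

def build_packet(src, dst, sport, dport, payload, total_len=None):
    """Build a minimal IPv4+TCP packet (checksums left at 0; sample data only)."""
    length = 40 + len(payload) if total_len is None else total_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def parse(raw):
    """Split a raw packet into the header fields a filter uses and the payload."""
    ver_ihl, _, total_len, _, _, _, _, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4                    # IP header length in bytes
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4           # TCP header length in bytes
    header = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "sport": sport, "dport": dport, "total_len": total_len}
    return header, raw[ihl + data_off:]

def firewall_verdict(raw):
    """Header-only decision: source address and destination port."""
    header, _ = parse(raw)
    if header["src"] in BLOCKED_SRC or header["dport"] not in ALLOWED_DST_PORTS:
        return "block"
    return "allow"

def ips_verdict(raw):
    """Same header rules, plus packet structure and payload inspection."""
    if firewall_verdict(raw) == "block":
        return "block"
    header, payload = parse(raw)
    if header["total_len"] != len(raw):               # incorrectly constructed packet
        return "block"
    if any(sig in payload for sig in SIGNATURES):     # flagged content in the payload
        return "block"
    return "allow"

# Constructed sample packets: all three have headers the firewall rules accept.
CLEAN = build_packet("198.51.100.7", "192.0.2.10", 40000, 80, b"GET / HTTP/1.1\r\n\r\n")
FLAGGED = build_packet("198.51.100.7", "192.0.2.10", 40001, 80,
                       b"GET /?q=CONSTRUCTED-BAD-MARKER HTTP/1.1\r\n\r\n")
MALFORMED = build_packet("198.51.100.7", "192.0.2.10", 40002, 80, b"GET /", total_len=9000)
```

`FLAGGED` and `MALFORMED` pass `firewall_verdict` because their addresses and ports match the rules; only `ips_verdict`, which looks past the header, blocks them.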