IDS, called Intrusion Detection System (for Cisco) is an advanced form of traffic analysis for firewalls. It is also called Stateful Inspection. Depending on the amount of security needed, it may not be enough to restrict access by port, source and destination. What if I allow the WHOLE internet access to my company's public FTP server (maybe for a free download), someone might know of a FLAW for that particular FTP server that could give them some special and unwanted access. This is where Stateful Inspection comes in.
Stateful Inspection is an amazing utility that knows all the valid commands to expect for your typical network services (SMTP, HTTP, FTP, DNS, etc). If you setup a Stateful Inspection firewall, it makes sure that only approved and correct commands are being used for each type of service. This is what you use to protect about know service vulnerabilities, such as buffer overruns.
Stateful Inspection firewalls are CPU intensive and expensive. You can get equipment from vendors such as Cisco (PIX Firewall or IDS feature set), Symantec, and Checkpoint.
Article last reviewed: 01/09/2006