Protecting a network requires more than a single security tool. In IB Computer Science, students are expected to understand different network security mechanisms and how they work together. Two commonly examined tools are firewalls and intrusion detection systems (IDS). Although both protect networks, they serve very different roles.
IB examiners reward answers that clearly compare prevention vs detection.
What Is a Firewall?
A firewall is a security system that:
- Controls incoming and outgoing network traffic
- Applies predefined rules
- Blocks unauthorised access
Firewalls act as a barrier between:
- Trusted internal networks
- Untrusted external networks
In IB terms, firewalls focus on preventing attacks before they happen.
How Firewalls Work
Firewalls:
- Inspect network traffic
- Allow or block data packets
- Enforce access rules
They are commonly used to:
- Block unauthorised connections
- Restrict access to services
- Protect internal systems
Firewalls operate in real time, stopping traffic at the network boundary.
What Is an Intrusion Detection System (IDS)?
An Intrusion Detection System (IDS) is a security system that:
- Monitors network or system activity
- Detects suspicious behaviour
- Raises alerts when potential attacks occur
Unlike firewalls, IDS do not block traffic automatically.
In IB terms, IDS focus on detecting attacks after or during attempted access.
How IDS Work
An IDS will:
- Analyse traffic patterns
- Compare activity to known attack signatures
- Identify unusual behaviour
When a threat is detected:
- An alert is generated
- Administrators are notified
IDS provide visibility, not direct prevention.
Key Differences Between Firewalls and IDS
A strong IB comparison:
- Firewalls
  - Prevent unauthorised access
  - Enforce rules
  - Block traffic
- IDS
  - Detect suspicious activity
  - Monitor behaviour
  - Generate alerts
Firewalls act first.
IDS provide insight after or during attacks.
Prevention vs Detection
The core distinction is:
- Firewalls = prevention
- IDS = detection
Both are necessary for a complete security strategy.
Why Both Are Used Together
Using only firewalls:
- Some attacks may still get through
Using only IDS:
- Attacks are detected but not stopped
Together:
- Firewalls reduce attack surface
- IDS detect bypassed or internal threats
This layered approach is known as defence in depth.
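The layered behaviour described above, shown as an added example that is not part of the original guide: a firewall makes an allow/block decision from rules, and an IDS raises alerts on the traffic that was allowed without stopping it. The rule format, signature strings, sample packets and the placement of the IDS behind the firewall are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str       # source address
    dst_port: int  # destination port
    payload: str   # application data (constructed sample text)

# Firewall rules: (source prefix, port or None for any, action); first match wins.
FIREWALL_RULES = [
    ("10.0.", None, "allow"),  # trusted internal network, any port
    ("", 443, "allow"),        # anyone may reach the web service
]

# IDS signatures: simplified substrings of known-bad requests (hypothetical set).
IDS_SIGNATURES = {"' OR '1'='1": "SQL injection pattern",
                  "../../": "path traversal pattern"}

def firewall_decision(pkt):
    """Prevention: return 'allow' or 'block' before the packet is delivered."""
    for prefix, port, action in FIREWALL_RULES:
        if pkt.src.startswith(prefix) and port in (None, pkt.dst_port):
            return action
    return "block"  # default deny: unmatched traffic never gets in

def ids_alerts(pkt):
    """Detection: return alert names; never changes whether traffic flows."""
    return [name for sig, name in IDS_SIGNATURES.items() if sig in pkt.payload]

def process(packets):
    """Run both tools; the IDS only sees traffic the firewall let through."""
    results = []
    for pkt in packets:
        decision = firewall_decision(pkt)
        alerts = ids_alerts(pkt) if decision == "allow" else []
        results.append((decision, alerts))
    return results

# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    Packet("203.0.113.9", 23, "login"),                      # blocked at boundary
    Packet("203.0.113.9", 443, "GET /index.html"),           # normal web request
    Packet("203.0.113.9", 443, "GET /item?id=' OR '1'='1"),  # allowed port, bad payload
    Packet("10.0.0.7", 445, "GET ../../etc/passwd"),         # internal source
]

if __name__ == "__main__":
    for pkt, (decision, alerts) in zip(SAMPLE, process(SAMPLE)):
        print(pkt.src, pkt.dst_port, decision, alerts or "-")
```

The third and fourth packets pass the firewall because they match an allow rule, and only the IDS reports them; the alert does not stop delivery.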
Limitations of Firewalls
Firewalls:
- Cannot detect all attacks
- Cannot see encrypted traffic in detail
- Cannot detect insider threats easily
This is why additional monitoring is required.
Limitations of IDS
IDS:
- Do not automatically stop attacks
- Can produce false positives
- Require human response
They support decision-making rather than replacing it.
Common Student Mistakes
Students often:
- Say IDS block attacks
- Say firewalls detect attacks
- Ignore layered security
- Give vague comparisons
Clear functional distinction earns marks.
How This Appears in IB Exams
IB questions may ask students to:
- Compare firewalls and IDS
- Identify which tool fits a scenario
- Explain why both are needed
- Discuss limitations
Comparison and justification score highest.
Final Thoughts
Firewalls and intrusion detection systems protect networks in different ways. Firewalls prevent unauthorised access by blocking traffic, while IDS monitor systems to detect suspicious behaviour and alert administrators.
Understanding how these tools complement each other allows IB Computer Science students to explain layered security clearly and confidently — exactly what examiners expect.
