
Computer Security 101 (tm)
~ Continued ~

From Tony Bradley, CISSP, MCSE2k, MCSA, A+, for About.com

There are two problems with this type of firewall, though. First, many only block the well-known ports, which are ports 0 – 1023. There are about 64,000 other possible ports that wouldn’t be blocked. If you have 65,000 doors into your house and only lock 1000 of them you probably aren’t very safe. The other problem is that this solution only blocks inbound connections. You also want to monitor programs on the inside and block them from communicating with services, or on ports, that you haven’t authorized.

For this reason it is advisable to use personal firewall software (see Top Software Firewall Products) on the computer as well. The router firewall will block most “normal” incoming connections. Should some traffic get past the firewall, or should your system get infected with a worm or Trojan horse that tries to interact with the system and establish outbound connections, your software firewall will detect this activity and alert you.

There are various techniques or methods employed by firewalls. Some, like the one mentioned above on your basic cable / DSL router, use simple port blocking or packet filtering. This method can be vulnerable to some exploits which would let an attacker use IP spoofing or other tricks to sneak past the firewall. Other methods, like stateful inspection, circuit-level gateways and application gateways, provide better security but at the cost of some speed and performance. To learn more about the various methods read What Is A Firewall?.

Another perimeter defense that you can employ is an Intrusion Detection System, or IDS. An IDS is not designed to block any traffic per se. An IDS is a device or application used to inspect all network traffic and alert the user or administrator when there have been unauthorized attempts or access. Depending on the device or application used, the IDS can either simply alert the user or administrator, or it could be set up to block specific traffic or automatically respond in some way.

The two primary methods of monitoring are signature-based and anomaly-based. Signature-based detection relies on comparison of traffic to a database containing signatures of known attack methods. As new vulnerabilities and exploits are discovered, you must update the IDS to recognize the new attacks.

Anomaly-based detection compares current network traffic to a known-good baseline to look for anything out of the ordinary. Using anomaly-based detection an IDS can theoretically detect attacks that are not yet known and for which no signature yet exists. Both methods have their drawbacks and many IDS systems use a hybrid of the two methods.

The IDS can be placed strategically on the network as a NIDS (network-based intrusion detection system), which will inspect all incoming network traffic, or it can be installed on each individual system as a HIDS (host-based intrusion detection system), which inspects traffic to and from that specific device only.
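To make the signature-versus-anomaly distinction concrete, here is a small added example (not code from the original article): a toy detector run over a handful of constructed connection records. The signature database, the baseline threshold and the traffic values are all assumptions made up for the illustration; the signature detector only finds payloads matching a known pattern, while the anomaly detector notices a host that touches far more ports than the baseline allows, even though no signature describes that behavior.

```python
from collections import defaultdict

# Constructed connection records: (source host, destination port, payload snippet).
# These are made-up sample values for the example, not captured traffic.
SAMPLE_TRAFFIC = [
    ("10.0.0.5", 80, "GET /index.html HTTP/1.1"),
    ("10.0.0.5", 443, ""),
    ("10.0.0.9", 22, "SSH-2.0-OpenSSH"),
    ("10.0.0.7", 80, "GET /cgi-bin/../../etc/passwd HTTP/1.0"),
] + [("10.0.0.12", port, "") for port in range(20, 60)]  # one host touching 40 ports

# Hypothetical signature database: name -> substring identifying a known attack.
SIGNATURES = {
    "path-traversal": "../",
    "unix-password-file": "/etc/passwd",
}


def signature_alerts(records, signatures=SIGNATURES):
    """Signature-based: compare every payload against the known-attack database."""
    alerts = []
    for src, port, payload in records:
        for name, pattern in signatures.items():
            if pattern in payload:
                alerts.append((src, port, name))
    return alerts


def anomaly_alerts(records, max_ports_per_host=5):
    """Anomaly-based: flag hosts that depart from a known-good baseline.

    The assumed baseline is "a normal client talks to at most a handful of
    distinct ports"; exceeding it is out of the ordinary and needs no signature.
    """
    ports_by_host = defaultdict(set)
    for src, port, _ in records:
        ports_by_host[src].add(port)
    return [(src, len(ports)) for src, ports in ports_by_host.items()
            if len(ports) > max_ports_per_host]


def hybrid_alerts(records):
    """Hybrid IDS: union of both detectors, tagged with the method that fired."""
    findings = [("signature", src, name) for src, _, name in signature_alerts(records)]
    findings += [("anomaly", src, f"{n} distinct ports") for src, n in anomaly_alerts(records)]
    return findings


if __name__ == "__main__":
    for finding in hybrid_alerts(SAMPLE_TRAFFIC):
        print(finding)
```

Raising the baseline threshold (for example `max_ports_per_host=50`) silences the anomaly alert entirely, which is the usual tuning trade-off with anomaly detection: a loose baseline misses the sweep, a tight one floods the administrator with alerts about ordinary hosts.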


©2009 About.com, a part of The New York Times Company.

All rights reserved.