When most hear that a system has the protection of an antivirus software and a solid firewall they tend to jump the gun and belive that a system has full protection. Unfortunately this is not the case. This Article will Define your basic segments of security in simple terms, highlighting their specific needs and purposes.
Intrusion Detection Systems (IDS's) is akin to your internal alarm system that notifies you when someone has broken into your home. It is sometimes hooked up to a firewall, however it should not be completely reliant on your firewall or you will have a major security hole in your system.
A Firewall (which usually includes a weak IDS) are like the heavy door with a peep-hole that lets people in your house or blocks them. The "limited" IDS refereed to is a rule/policy tool that prompts you when it sees a new type of visitor. This is not sufficient on it's own since it leaves your system vulnerable to Trojan based attacks and communication.
An antivirus solution is much like a personal body guard who knows what "bad guys" look like through virus definitions. Though antivirus is great at protecting your files and system from damaging attacks, rouge code (viruses) is often written to steal information (like what you typed for passwords and credit card information) rather than damaging files, and this is NOT generally stopped by an antivirus software.
Virtual Private Networks (VPN's) are similar to making a tunnel between computers on a network, or on the Internet, since the Internet is one big network after all, that is shielded by a layer of encryption that wraps around the data being sent.
Antispyware, sometimes called an ad-ware remover, removes some types of well known Trojan viruses that are purposely added to legitimate programs by their vendors. By the way you agreed to it most of the time by accepting the user agreement as defined by software you have installed. This uses definition files to remove ad-ware while trying to maintain functionality (which is sometimes difficult).
Encryption is a way to protect files, directories, and network resources. Even though many excellent Algorithms have been made (and are available for use/download) such as 3DES (triple des) and Twofish (an AES Algorithm), many vendors use extremely weak ones for toting speed and performance, when the truth is anyone with a decoder ring can figure out how to decrypt it. Most of the time this is because industry either does not want high encryption available or it is too complex for some companies poorly trained IT departments that are one tenth the size they should be.
All of the above solutions generate a solid layer of security, however there are fundamental problems that occur in the operating system software that are exploited in a way where hackers can often bypass individual systems with ease. Therefore it is also very important that you have not only recent versions of software to protect your system, but that it is updated and patched consistently (weekly preferably, or at least monthly).
Remember that any system can be broken into by numerous methods, and that every new feature or connection type that is available on a system leaves another way in which the system can be broken into. The human mind is much more complex and creative than any software available to protect systems so a looming threat is always nearby, though with the proper security systems in place, and the proper "physical security" maintained the likely hood that a system can be compromised is extremely reduced.
