INTRUSION PREVENTION

An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

When we talk about Intrusion Detection Systems (IDS), management automatically assumes it is THE solution to all network, organizational and social problems. Most people treat this technology as if it were a monolithic solution. That is not a good way to consider any security technology; it does not work like that. The majority fail to recognize that the initial design and function of an IDS is to protect the organization's vital information from outsiders.

However, this is now slowly changing as more organizations want to monitor their own networks, because studies show that the majority of all losses in the commercial sector involve insiders. They now want to use the IDS in any of the following combinations: to track down insiders, catch them in the act, gather the evidence needed for prosecution, fire them, or take them to court for indictment.

New attack techniques appear every month, and IDS technology must adapt to these rapid changes. The list of known attacks changes constantly, which makes codifying the statistical "signature" of each new attack a daunting task for R&D labs.

Current Network Intrusion Detection System (NIDS) products (first generation) use a predominantly passive approach, collecting data through protocol analysis by watching traffic on the network. Most IDS have been built on signature-based and anomaly detection, providing the capability to look for set "patterns" in packets, but they can also be tuned to look for things you should never see. The addition of specific string-search signatures (e.g. look for the word "confidential"), logging and TCP reset features has greatly enhanced the IDS's capability as a detection and protection tool.

Because a NIDS cannot see all the traffic on switched Ethernet, many companies are now turning to host-based IDS (second generation). These products can use far more efficient intrusion detection techniques, such as heuristic rules and analysis. Depending on the sophistication of the sensor, it may also learn and establish user profiles as part of its behavioral database; charting what normal behavior on the network looks like is accomplished over a period of time.

Strengths of IDS
  • A strong IDS security policy is the HEART of a commercial IDS
  • Provides worthwhile information about malicious network traffic
  • Can be programmed to minimise damage
  • A useful tool for one's network security armory
  • Helps identify the source of incoming probes or attacks
  • Can collect forensic evidence, which could be used to identify intruders
  • Similar to a security "camera" or a "burglar alarm"
  • Alerts security personnel that someone is picking the "lock"
  • Alerts security personnel that a network invasion may be in progress
  • When well configured, provides a certain "peace" of mind
As part of an organization's total defense strategy, IDS offer additional protection and deterrence against:
  • Script kiddies
  • Hackers
  • Would-be hackers
  • Crackers
  • Industrial espionage
  • Elite Blackhat

An intrusion prevention system (IPS) prevents an attack on a network or computer system: it stops the attack from damaging or retrieving data. Whereas an IDS passively monitors traffic by sniffing packets off a switch port, an IPS resides inline like a firewall, intercepting and forwarding packets. Intrusion prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion prevention system (IPS) monitors network traffic. However, because an exploit may be carried out very quickly after the attacker gains access, intrusion prevention systems also have the ability to take immediate action, based on a set of rules established by the network administrator. For example, an IPS might drop a packet that it determines to be malicious and block all further traffic from that IP address or port.
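The difference between passive signature matching (including the string-search signature for "confidential" mentioned above) and the inline IPS response described in this paragraph, as an added illustration that is not part of this page or of any vendor product. The signatures, the internal address prefix and the packets are constructed sample data.

```python
"""Signature-based IDS matching next to an inline IPS response.

Added illustration, not Provision's product code. Signatures, the
internal prefix and the packets are constructed sample data."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

INTERNAL_PREFIX = "10.0.0."   # constructed: our side of the perimeter

# Constructed signatures: (name, byte pattern, direction it applies to).
# The second is the page's "look for confidential" string-search signature,
# aimed at data leaving the network rather than at inbound probes.
SIGNATURES = [
    ("scanner-banner", b"X-Probe: scan-tool/1.0", "inbound"),
    ("confidential-marker", b"confidential", "outbound"),
]

def direction(pkt: Packet) -> str:
    return "outbound" if pkt.src.startswith(INTERNAL_PREFIX) else "inbound"

def ids_match(pkt: Packet) -> list:
    """Passive IDS step: names of signatures this packet trips (may be empty)."""
    d = direction(pkt)
    return [name for name, pat, dirn in SIGNATURES if dirn == d and pat in pkt.payload]

@dataclass
class InlineIPS:
    """Inline like a firewall: forwards clean packets, drops a match and
    then blocks everything else from that source address."""
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def process(self, pkt: Packet) -> str:
        if pkt.src in self.blocked:
            return "blocked"                 # a prior hit already fired
        hits = ids_match(pkt)
        if hits:
            self.alerts.append((pkt.src, hits))
            self.blocked.add(pkt.src)        # "block all further traffic from that IP"
            return "dropped"
        return "forwarded"

def run_sample() -> list:
    """Constructed traffic: an external probe and its follow-up, then an internal leak."""
    ips = InlineIPS()
    stream = [
        Packet("203.0.113.7", "10.0.0.5", b"GET / HTTP/1.0\r\nX-Probe: scan-tool/1.0\r\n"),
        Packet("203.0.113.7", "10.0.0.5", b"GET /index.html HTTP/1.0\r\n"),
        Packet("10.0.0.9", "198.51.100.2", b"Subject: confidential merger plan"),
        Packet("10.0.0.9", "198.51.100.2", b"Subject: lunch"),
    ]
    return [ips.process(p) for p in stream]
```

A pure IDS would only record the two alerts; the inline placement is what turns the second hit on each source into a "blocked" verdict.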
Copyright © Provision Software Division 2005. All rights reserved.