CIO Update: Enterprise Security Moves Toward Intrusion Prevention
IGG J. Pescatore, R. Stiennon, Article, 4 June 2003

As targeted hacker attacks increase, intrusion prevention is gaining importance while intrusion detection is fading away. Gartner has defined three key criteria for true network-based and host-based intrusion prevention.

Targeted hacker attacks on enterprises have been increasing, and are generally launched by more sophisticated and motivated attackers. Intrusion prevention is gaining importance while intrusion detection is fading away. Gartner has defined three key criteria for true network-based and host-based intrusion prevention.

Intrusion Detection Has Problems

As enterprises became disenchanted with the performance of intrusion detection products, security vendors stopped using the word "detection" and began relabeling their products as "intrusion prevention" or "intrusion protection." However, few products provide the features that Gartner believes are necessary for true intrusion prevention. In the post-Internet boom, with the dawn of Web services and with the network becoming an integral part of business operations, security solutions such as intrusion prevention systems are being introduced that offer real protection for the enterprise. Like intrusion detection, intrusion prevention can be separated into two broad categories: host-based and network-based.

Mandatory Requirements for Intrusion Prevention

An intrusion prevention system must meet three key criteria:

- It must not disrupt normal operations. When it is inserted in line, a network-based intrusion prevention system must not introduce unacceptable or unpredictable latency into a network. A host-based intrusion prevention system must not use more than 10 percent of a system's resources. Normal network traffic and host-based processes should operate identically, whether an intrusion prevention system is running or not. Blocking actions must occur in real time or near real time, with latencies in the range of tens of milliseconds (not seconds).

- It must block malicious actions using multiple algorithms. Intrusion prevention systems must provide blocking capabilities that include signature-based blocking of known attacks. However, intrusion prevention systems must also move beyond simple signature-based approaches, such as those used by antivirus and intrusion detection systems, to at least support policy-, behavior- and anomaly-based detection algorithms. These algorithms must operate at the application level in addition to standard, network-level firewall processing.

- It must have "the wisdom to know the difference" (between attack events and normal events). As intrusion prevention systems mature, they will be able to positively identify and block higher percentages of attacks than today's first-generation intrusion prevention systems (that is, firewalls) do. However, they will never be perfect, and it will always be necessary to flag suspicious activity for further human investigation. Thus, the intrusion detection market will be relegated to mere first-alert status.

Host-Based Intrusion Prevention

Host-based intrusion prevention is software that resides on a server and prevents cyberattacks against the operating system or applications. Products from Okena and Entercept Security Technologies have had early success in protecting servers, particularly against the Code Red and Nimda attacks. Host-based intrusion prevention is an immediate cure for vulnerabilities in servers, but because of the costly overhead of managing security software on many diverse platforms within the enterprise, host-based intrusion prevention systems will not see the same adoption rate as network-based intrusion prevention.

Host-based intrusion prevention technology can apply policies based on predefined rules or learned behavior analysis to block malicious server or PC actions. Host-based intrusion prevention can stop attackers from carrying out buffer overflow attacks, changing registry keys, overwriting Dynamic Link Libraries or using other approaches to gain control of the operating system.

Host-based intrusion prevention can be implemented as software shims that intercept calls between applications and the underlying operating system, or as kernel modifications that apply more-stringent security controls than those built into commercial operating systems.

Examples of software shims are:

- Network Associates/Entercept Security Technologies
- Cisco Systems/Okena
- Sana Security
- GreenBorder Technologies

Examples of kernel modifications are:

- Argus Systems Group
- Sun Microsystems Trusted Solaris Operating System
- Hewlett-Packard's Virtual Vault

Host-based software that simply locks down the host and only allows certain applications to execute does not meet Gartner's criteria for host-based intrusion prevention, because it does not protect against flaws in permitted applications.

Network-Based Intrusion Prevention

The advantages of network-based intrusion prevention systems include the reduced importance of constant monitoring, and that an attack does not set off chimes and klaxons that cause a chaotic scramble to react. Network administrators know that Code Red attacks have become part of the background radiation of the Internet. Therefore, the time spent logging and responding to such attacks is wasted. Once identified, the affected session should simply be dropped. Thus, not only are valuable resources conserved, but a better overall security posture is also achieved.

Firewalls and gateway antivirus systems are examples of first-generation, network-based intrusion prevention systems. However, firewalls primarily operate at the network protocol level, and antivirus systems largely implement simple, reactive (that is, non-real-time), signature-based detection and blocking. A true network-based intrusion prevention system must:

- Operate as an in-line network device that runs at wire speeds.
- Perform packet normalization, assembly and inspection.
- Apply rules based on several methodologies to packet streams, including (at a minimum) protocol anomaly analysis, signature analysis and behavior analysis.
- Drop malicious sessions; don't simply reset connections.

To do all that, network-based intrusion prevention must perform deep packet inspection of all traffic, and generally must use special-purpose hardware to achieve gigabit throughput. Software-based approaches that run on general-purpose servers may be sufficient for small enterprise use, and blade-based approaches may scale up to some large enterprises. However, for complex networks running at gigabit rates, Gartner believes that application-specific integrated circuits and dedicated network security processors will be required to perform deep packet inspection, and to support blocking at wire speeds.

Vendors include:

- TippingPoint Technologies
- IntruVert Networks
- NetContinuum
- iPolicy Networks
- Fortinet

Characteristics and Benefits of Network Intrusion Prevention

The defining characteristics and benefits of network intrusion prevention are:

- Inline position: Rather than tapping into a data stream from the switch or other device, the products sit inline with the data stream. Inline systems can analyze and identify packets and sessions, verify which are malicious and drop the associated stream of packets. That is essential to the products' protective abilities.

- Stateful signature: To efficiently handle multigigabit traffic streams, some form of stateful inspection must be used. The state of a particular communication going over a network includes the ability to have session knowledge about the packets being analyzed. Some awareness of state enables the engine to parse only the pieces of the session that are applicable to the attack signature. That provides high throughput and low latency, which are also required for enterprise applications.

- Combined algorithms: No single methodology can catch the maximum number of intrusion attempts while minimizing false positives. Intrusion prevention systems must use a combination of methodologies:
  - Signature analysis is the most powerful method, but it must be augmented with protocol/packet anomaly detection.
  - Protocol/packet anomaly detection focuses on signatures within the protocol or packet that have been defined as hostile, malformed, out of sequence or potential "zombies," which are distributed denial-of-service (DDoS) relay kits that can serve as transmitters for floods of packets sent to DDoS target servers. The relay kits use Internet Relay Chat channels to communicate back to controlling hackers, who can direct the relay kits to start attacking certain Web sites. By bombarding sites with bogus traffic, hackers can make it impossible for a site to respond to legitimate connections.
  - Behavior-based statistics are less exact, but they can provide a valuable function. This technique involves analyzing baseline metrics of known traffic patterns, then setting the alert threshold at which extreme traffic pattern changes occur, such as massive flooding that may indicate a denial-of-service attack. (Flooding may also indicate a legitimate network traffic surge. Thus, notification can also prompt the infrastructure changes required to meet valid traffic demand.)

- Dropping malicious traffic: Once a malicious session is identified, it is simply dropped, which protects the destination server or device. Logging and alerting are functions of these devices.

Intrusion Prevention Summary

Some facts about intrusion prevention are:

- Firewalls are intrusion prevention devices.
- As intrusion prevention begins to include application-level attack blocking, products must meet a minimum set of criteria before enterprises can take them into consideration.
- Intrusion detection will always be required to give warnings about activities that are suspicious but not necessarily hostile.
- Most enterprises will require hardware-based intrusion prevention products to protect high-speed networks.

Bottom Line

As processing power and security algorithm performance increase, intrusion prevention will grow in importance, while intrusion detection will shrink. However, through 2006, enterprises should deploy a combination of both capabilities to meet security best practices.

Written by Edward Younker, Research Products
Analytical source: John Pescatore and Richard Stiennon, Gartner Research

This article is an excerpt of a chapter from a new report, "Securing the Enterprise: The Latest Strategies and Technologies for Building a Safe Architecture." The report is an offering of the Gartner Executive Report Series, a new business venture of Gartner Press that provides buyers with comprehensive guides to today's hottest IT topics. For information about buying the report or others in the Executive Report Series, go to

For related Inside Gartner articles, see:

- "Management Update: Security Strategies for Enterprises Using Web Services" (IGG )
- "CIO Update: Gartner's IT Security Management Magic Quadrant Lacks a Leader" (IGG )
- "CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks" (IGG )

Entire contents © 2003 Gartner, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
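As an added illustration of the network intrusion prevention characteristics the article lists (inline position, stateful inspection, combined signature, protocol-anomaly and behavior detectors, and dropping the whole session rather than resetting it), the following Python model is not Gartner's or any vendor's code; its packets, signature pattern and rate threshold are constructed for the example.

```python
"""Toy in-line IPS (constructed example; not Gartner's or any vendor's code).
Models the article's three requirements for a network IPS: stateful per-session
reassembly before matching, combined signature / protocol-anomaly / behaviour
detectors, and dropping the whole malicious session rather than one packet."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed signature: an illustrative byte pattern, not real attack content.
SIGNATURES = {"CONSTRUCTED-SIG-1": b"EXAMPLE-BAD-PAYLOAD"}


@dataclass
class Session:
    buf: bytes = b""        # reassembled application-layer stream
    next_seq: int = 0       # sequence number expected for the next segment
    dropped: bool = False   # once set, every later segment is discarded


class InlineIPS:
    def __init__(self, signatures=SIGNATURES, max_line=256, surge_pps=50):
        self.signatures = signatures
        self.max_line = max_line              # protocol-anomaly bound on a request line
        self.surge_pps = surge_pps            # assumed threshold above the learned baseline
        self.sessions = defaultdict(Session)  # (src, sport, dst, dport) -> Session
        self.drops = []                       # (session key, reason)
        self.alerts = []                      # behaviour notifications, never blocks
        self._pps = defaultdict(int)          # (src, second) -> packets seen

    def _drop(self, key, sess, reason):
        sess.dropped = True
        self.drops.append((key, reason))
        return "drop"

    def _behaviour(self, pkt):
        bucket = (pkt["src"], int(pkt["ts"]))
        self._pps[bucket] += 1
        if self._pps[bucket] == self.surge_pps:
            # Notify once per bucket: a surge may be legitimate demand, so this
            # detector alerts rather than blocking on its own.
            self.alerts.append((pkt["src"], "behaviour: packet rate above baseline"))

    def process(self, pkt):
        """Return 'forward' or 'drop' for one segment and update session state."""
        self._behaviour(pkt)
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        sess = self.sessions[key]
        if sess.dropped:
            return "drop"
        if pkt["seq"] != sess.next_seq:
            return self._drop(key, sess, "protocol-anomaly: out-of-sequence segment")
        sess.buf += pkt["data"]
        sess.next_seq += len(pkt["data"])
        for name, pattern in self.signatures.items():
            if pattern in sess.buf:   # matched against the reassembled stream
                return self._drop(key, sess, "signature: " + name)
        if b"\n" not in sess.buf and len(sess.buf) > self.max_line:
            return self._drop(key, sess, "protocol-anomaly: oversized request line")
        return "forward"


def segment(src, sport, dst, dport, payload, chunk, ts=0.0):
    """Split one message into in-order segments (constructed input)."""
    return [{"src": src, "sport": sport, "dst": dst, "dport": dport,
             "seq": i, "ts": ts, "data": payload[i:i + chunk]}
            for i in range(0, len(payload), chunk)]


def per_packet_match(pkts, signatures=SIGNATURES):
    """Stateless matcher for contrast: inspects each segment on its own."""
    return any(p in pkt["data"] for pkt in pkts for p in signatures.values())


def run_demo():
    ips = InlineIPS()
    # 1. Benign request split into 8-byte segments: forwarded end to end.
    benign = segment("10.0.0.1", 40001, "10.0.0.2", 80,
                     b"GET /index.html HTTP/1.0\r\n\r\n", 8)
    benign_verdicts = [ips.process(p) for p in benign]
    # 2. Signature straddling segment boundaries: only the reassembled stream
    #    matches, and every later segment of that session is dropped too.
    bad = segment("10.0.0.3", 40002, "10.0.0.2", 80,
                  b"GET /EXAMPLE-BAD-PAYLOAD HTTP/1.0\r\n", 8)
    bad_verdicts = [ips.process(p) for p in bad]
    # 3. Out-of-sequence first segment: protocol anomaly, session dropped.
    stray = {"src": "10.0.0.5", "sport": 40003, "dst": "10.0.0.2", "dport": 80,
             "seq": 100, "ts": 0.0, "data": b"GET / HTTP/1.0\r\n"}
    stray_verdict = ips.process(stray)
    # 4. Sixty short sessions from one source within one second: alerted on,
    #    not blocked, because the article treats a surge as possibly legitimate.
    burst = [{"src": "10.0.0.4", "sport": 50000 + i, "dst": "10.0.0.2",
              "dport": 80, "seq": 0, "ts": 5.0, "data": b"GET / HTTP/1.0\r\n"}
             for i in range(60)]
    burst_verdicts = [ips.process(p) for p in burst]
    return {"benign": benign_verdicts, "bad": bad_verdicts,
            "bad_seen_per_packet": per_packet_match(bad), "stray": stray_verdict,
            "burst_dropped": burst_verdicts.count("drop"),
            "alerts": list(ips.alerts), "drops": list(ips.drops)}
```

Running `run_demo()` shows why the article insists on reassembly: the stateless `per_packet_match` never sees the split signature, while the stateful engine drops the session on the third segment.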
Managing Vulnerabilities For PCI Compliance Christopher S. Harper Vice President of Technical Services, Secure Enterprise Computing, Inc. June 2012 NOTE CONCERNING INTELLECTUAL PROPERTY AND SOLUTIONS OF
More informationNext-Generation Firewalls: Critical to SMB Network Security
Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more
More informationPretend or Prevent? Intranet. Internet Router IDS Hub Firewall. Overview. Recognizing attacks. Intercepting attacks. White Paper
Overview Pretend or Prevent? No matter what it s called, if a network security system doesn t shoot first and ask questions later, it doesn t qualify as intrusion prevention by Jon Ramsey Intrusion detection
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationHow to Develop an Effective Vulnerability Management Process
Research Publication Date: 1 March 2005 ID Number: G00124126 How to Develop an Effective Vulnerability Management Process Mark Nicolett IT organizations should develop vulnerability management processes
More informationRadware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International. www.radware.
Radware s Smart IDS Management FireProof and Intrusion Detection Systems Deployment and ROI North America Radware Inc. 575 Corporate Dr. Suite 205 Mahwah, NJ 07430 Tel 888 234 5763 International Radware
More informationWhy Is DDoS Prevention a Challenge?
ANALYST BRIEF Why Is DDoS Prevention a Challenge? PROTECTING AGAINST DISTRIBUTED DENIAL-OF-SERVICE ATTACKS Authors Andrew Braunberg, Mike Spanbauer Overview Over the past decade, the threat landscape has
More informationFortiDDos Size isn t everything
FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One
More informationModule II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University
Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationDatabase Security in Virtualization and Cloud Computing Environments
White Paper Database Security in Virtualization and Cloud Computing Environments Three key technology challenges in protecting sensitive data Table of Contents Securing Information in Virtualization and
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion
More informationHow To Protect Your Firewall From Attack From A Malicious Computer Or Network Device
Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet
More informationBarracuda Intrusion Detection and Prevention System
Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques
More informationMeasuring Sarbanes-Oxley Compliance Requirements
IGG-10012003-03 R. Mogull, D. Logan, L. Leskela Article 1 October 2003 CIO Alert: How You Should Prepare for Sarbanes-Oxley Sarbanes-Oxley is the most sweeping legislation to affect publicly traded companies
More informationBusiness Activity Monitoring: The Merchant's Tale
Case Studies, D. McCoy Research Note 26 April 2002 Business Activity Monitoring: The Merchant's Tale Vendors are gearing up to deliver BAM installations. Will they be prepared for the organizational dynamics,
More informationNetwork Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
More informationTechnology Blueprint. Defend Against Denial of Service Attacks. Protect each IT service layer against exploitation and abuse
Technology Blueprint Defend Against Denial of Service (DOS and DDOS) Attacks Protect each IT service layer against exploitation and abuse LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL
More informationChapter 15. Firewalls, IDS and IPS
Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet
More informationCisco Intrusion Prevention System Advanced Integration Module for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers
Cisco Intrusion Prevention System Advanced Integration Module for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers The Cisco Intrusion Prevention System Advanced Integration Module
More information