SSi Service Strategies Inc.

Intrusion Detection

Intrusion Detection and Attack Prevention

eTrust Intrusion Detection not only detects attempts at damaging or reducing your company network’s functionality, but also shows you how to deal with these situations. Intrusions can include, for example, attempts to misuse and confuse the FTP server, attempts to obtain directory listings on the Web server, or attempts to read files on your network. When these events are detected, the product immediately sends an alert. The alert message includes the source of the intrusion, a description of the intrusive action and suggestions on how to counteract this action.

Detection of Known Patterns

WinNuke. Ping of Death. SYN attack. These are only some of the tactics used by parties to deliberately impair your network’s functionality. eTrust Intrusion Detection combats this problem by automatically detecting a number of denial of service attacks. Upon detection, the product responds by sending an alert, which allows immediate reaction to the attack. A detailed report of these and other suspicious network activities is also provided.

Protecting Servers from Hostile Access

Users can easily access Internet and Intranet servers. Regular access control is via passwords, which can easily be hacked. In many cases, once a user has access to a server, access rights can easily be changed. eTrust Intrusion Detection can protect servers from hostile access by blocking access to specific servers from a specific group of users, stations or environments; by logging and blocking future attempts to access a server using an incorrect password; by identifying attempts to use a known hole in the server to change access rights; and by providing detailed usage reports which can be used to trace the source of hostile accesses.

Identifying Irregular Use and Special Protocols

Protocols such as RealAudio and Net2Phone take up a lot of bandwidth. Excessive use of these protocols can significantly slow down network traffic. Using the data that eTrust Intrusion Detection collects, you can easily pinpoint the users of these protocols and decide on ways to reduce or stop these activities. eTrust also detects situations where unauthorized stations are using a specific service on your network (e.g. users outside the organization are using the organization’s Email server to receive mail, or root access is being used to initiate Telnet sessions from machines not in the local network).

Detection Engines

eTrust includes one generalized and several specialized intrusion detection engines, which detect attempts by users (outside or inside the LAN) to use or penetrate the LAN with the aim of causing damage or reducing functionality. When such an attempt is detected, a security violation is triggered.

The generalized intrusion detection engine includes the ability to detect invalid login attempts, use of controlled user IDs, invalid challenge-responses, protocol usage or site access at restricted times, etc.

Detected Intrusions:

- Low level network protocol attacks using sophisticated identification engines and libraries of attack patterns.
- Server intrusions using a library of server take-over patterns.
- Suspicious and malicious Java and ActiveX applets.
- Viruses or malicious active content in e-mail messages and attachments based on extensive virus library and state-of-the-art active e-mail analysis technology.

Service Strategies Inc.

2392 Mount Vernon Rd

Dunwoody, GA 30338-3092

678-441-0020   800-662-1615

assist@ssimail.com

Copyright © 1998 - 2002 Service Strategies Inc. All rights reserved.
Revised: October 13, 2003.