SSi Service Strategies Inc.


Network Traffic Processing


How eTrust Intrusion Detection Processes Network Traffic

You can install eTrust Intrusion Detection network protection software on any PC that runs Windows NT (4.0 or higher) or Windows 98/95 and is connected to a segment in the local network.

Once activated, eTrust Intrusion Detection listens to all the TCP/IP traffic that passes through the network. eTrust Intrusion Detection has the ability to identify attacks on the network against specific servers or against the whole network. Using eTrust Intrusion Detection, the administrator can review the log of all the activities associated with suspicious sessions, obtain statistical and detailed reports about them, and reconstruct the sessions in a way that enables an exact view of what was done by the specific users or of the anatomy of an attack.

eTrust Intrusion Detection can react in real time when a problem is encountered by generating an alert (via e-mail, fax, etc.). Like a firewall, eTrust Intrusion Detection also blocks illegal communications using "unobtrusive monitoring and blocking" technology.

Traffic Processing

eTrust Intrusion Detection checks each session against the rules until either the session terminates or a match occurs. If there is a match, the defined action for that session is taken (logging or notification) and other rules below the matched rule are ignored. eTrust Intrusion Detection processes network traffic as follows and as shown below:

[Figure: Network Traffic Processing]

  1. eTrust Intrusion Detection checks every new session on the network to see whether it is defined as an excluded service.
  2. If it is an excluded service, eTrust Intrusion Detection ignores the session.
  3. If it is not an excluded service, the session is included in the statistics and the process continues.
  4. eTrust Intrusion Detection then checks if the session matches a definition of one of the rules. The order of checking is as follows:

    - eTrust Intrusion Detection first checks if the event is defined as blocked by protocol for all traffic. If there is a match, eTrust Intrusion Detection terminates the session.

    - eTrust Intrusion Detection then checks if the event is defined as a URL to be blocked. If there is a match, the session is terminated.

If the first rule is not met, the program checks the second rule, and so on, until a rule is met, or all the rules have been checked. The order of checking between the types of rules is as follows:

    - Intrusion Attempt Detection rules

    - Malicious Applets and ActiveX Detection rules

    - Monitor/Block/Alert rules
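
The checking order described above, modelled as an added Python example (not the product's own code; the class names, rule predicates and sample policy are constructed for illustration). It shows two consequences worth checking when reviewing a rule set: an excluded service never reaches the statistics or any rule, and the first matching rule hides every rule below it.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Session:                      # constructed model of one TCP/IP session
    service: str
    url: Optional[str] = None
    payload: str = ""

@dataclass
class Rule:                         # hypothetical rule shape: predicate + action
    name: str
    matches: Callable[[Session], bool]
    action: str                     # "log" or "notify"

@dataclass
class Engine:
    excluded: set
    blocked_protocols: set
    blocked_urls: set
    intrusion: list                 # rule type checked first
    applet: list                    # rule type checked second
    monitor: list                   # rule type checked last
    stats: dict = field(default_factory=dict)

    def process(self, s: Session):
        if s.service in self.excluded:              # steps 1-2: ignored entirely
            return ("ignored", None)
        self.stats[s.service] = self.stats.get(s.service, 0) + 1   # step 3
        if s.service in self.blocked_protocols:     # step 4, first check
            return ("terminated", "blocked-protocol")
        if s.url in self.blocked_urls:              # step 4, second check
            return ("terminated", "blocked-url")
        for rule in self.intrusion + self.applet + self.monitor:
            if rule.matches(s):                     # first match wins, rest ignored
                return (rule.action, rule.name)
        return ("no-match", None)

def build_engine():                 # constructed sample policy, not a real one
    return Engine(
        excluded={"backup"},
        blocked_protocols={"telnet"},
        blocked_urls={"http://blocked.example/"},
        intrusion=[Rule("traversal", lambda s: "../" in s.payload, "notify")],
        applet=[Rule("activex", lambda s: "<object" in s.payload.lower(), "notify")],
        monitor=[Rule("all-http", lambda s: s.service == "http", "log")],
    )
```
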


Copyright © 1998 - 2002 Service Strategies Inc. All rights reserved.
Revised: October 13, 2003.