| |
 |
IDS |
 |
 |
- The confidentiality of data residing within and traveling across a network
- The integrity of the above data
- The availability of a network and its components
A Firewall can participate in insuring the confidentiality, the integrity and the availability of a network by granting or denying access to the network resources.
Intrusion Detection System, or IDS, are indispensable components of security strategies. Their use in based on the fact that an IT system is subject to attacks or reconnaissance-type activities. If a Firewall allows traffic flow to a system, the IDS monitors this allowed traffic to detect potential attacks.
The combination of Si.Net IDS and Si.Net Firewall, insures a higher level of security and traffic analyses and monitoring.
Si.Net Intrusion System is an IDS appliance that supports several interfaces or sensors.
Features
Si.Net Intrusion Detection System has the following features:
- Real time monitoring of the traffic and real time alerts generation
- Process the generated alerts with a web interface
- Regular updates of the detection rules
- Several sensors on the same hardware instead of several standalone sensors
- can be integrated on the same hardware with Si.Net Firewall
General Overview
Si.Net Intrusion Detection System is a security technology that attempts to identify and isolate ''intrusions'' against computer systems. All ID systems share a general definition of ''intrusion'' as an unauthorized usage or misuse of a computer system.
Si.Net Intrusion Detection System is an important component in securing data systems. It complements other security technologies as firewall systems, mail and web filtering. By providing information to site administration, ID allows not only for the detection of attacks explicitly addressed by other security components such as firewalls, but also attempts to provide notification of attacks unforeseen by other components. In a manner, ID systems attempt to make attackers more accountable for their actions.
There are many different ID systems deployed worldwide, and almost as many different designs for them. But we can define a set of components that together form an intrusion detection system. These components include event generators, analysis engines, storage mechanisms and even countermeasures.
Because of its importance within a security infrastructure, it is important that intrusion detection systems function as expected. In order to be useful, administrations need to be able to reply on the information provided by the system that doesn't give a false sense of security.
Given the implications of the IDS failure, it is reasonable to assume that ID systems are themselves logical targets for attack.
A smart intruder who realizes that an IDS has been deployed on a network, will likely attack the IDS first, disabling it or forcing it to provide false information.
The most obvious aspect of an IDS to attack is its ''accuracy''. The ''accuracy'' of an IDS is compromised when something occurs that causes the system to incorrectly identify an intrusion when none has occurred (false positive), or when something occurs that causes the IDS to incorrectly fail to identify an intrusion when one has in fact occurred (false negative).
|
|
|
