Tech FAQ


Supply Chain Management

What is the difference between intrusion detection and intrusion prevention?

Intrusion detection systems (IDS) are an excellent security technology to augment a layered network security structure. IDS rely on pattern recognition algorithms to identify the "signature" of an intrusion attempt. The database of signatures must be updated to address new attack techniques as they are developed.

Host intrusion prevention, however, uses an architecture that combines the flexibility and strength of a packet filter firewall, stateful packet inspection, and active intrusion detection. This permits CyberwallPLUS to identify and stop common attack styles and recognize new variants of these attacks.


What is distributed security?

The distributed security concept puts intrusion prevention on every node on the network. By placing intrusion prevention on every node you are not only protecting each of the computers connected to the network, you are protecting the network itself from attack.


Why should companies distribute security?

The perimeter firewall is called upon to pass all legitimate traffic for every network node it protects. This creates potential security conflicts, and thus vulnerabilities, for the perimeter firewall. By distributing security down to the individual node, the security rules can be tailored around the node's application. This makes each node, and the entire network, more secure as a result.
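The following added example (not part of the original FAQ) models this argument in Python. The addresses, port sets and the union-style perimeter rule set are constructed assumptions; the code lists flows that reach a node under perimeter-only security but that rules tailored to that node would stop.

```python
# Added illustration: addresses, roles and port sets below are constructed.
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")

# Per-node rules, each tailored to the one application the node runs.
HOST_POLICY = {
    "10.0.0.10": {80, 443},  # web server
    "10.0.0.20": {25},       # mail relay
    "10.0.0.30": {1433},     # database
}

# Simplified perimeter rule set: it must pass every port that any protected
# node legitimately needs, so it ends up as the union of all of them.
PERIMETER_PORTS = set().union(*HOST_POLICY.values())


def perimeter_verdict(src, dst, port):
    """Decision of the perimeter firewall, or 'not seen' for internal traffic."""
    if ip_address(src) in INTERNAL:
        return "not seen"  # node-to-node traffic never crosses the perimeter
    return "allow" if port in PERIMETER_PORTS else "deny"


def host_verdict(dst, port):
    """Decision of the intrusion-prevention rules running on the node itself."""
    return "allow" if port in HOST_POLICY.get(dst, set()) else "deny"


def gaps(flows):
    """Flows that reach a node under perimeter-only security but that the
    node's own tailored rules would have stopped."""
    return [f for f in flows
            if perimeter_verdict(*f) != "deny" and host_verdict(f[1], f[2]) == "deny"]


# Constructed sample flows: (source, destination, destination TCP port).
FLOWS = [
    ("203.0.113.5", "10.0.0.10", 443),  # wanted web traffic
    ("203.0.113.5", "10.0.0.10", 25),   # SMTP aimed at the web server
    ("203.0.113.5", "10.0.0.20", 80),   # HTTP aimed at the mail relay
    ("10.0.0.20", "10.0.0.10", 22),     # internal node probing SSH on a peer
    ("203.0.113.5", "10.0.0.10", 22),   # SSH from outside, blocked at the edge
]

if __name__ == "__main__":
    for src, dst, port in gaps(FLOWS):
        print(f"{src} -> {dst}:{port} perimeter={perimeter_verdict(src, dst, port)} host=deny")
```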


What is host intrusion prevention?

Host intrusion prevention is the distribution of traditional network security techniques, such as packet filtering, stateful packet inspection, and intrusion detection, down to the individual network node. By distributing the security down to the host, rules can be customized, providing greater security than is possible with network security devices. On the host, intrusion detection integrated with firewalls creates a self-defense mechanism which shuts down attacks before damage occurs.


Why should I be concerned about security? 

If your organization is connected to the Internet, you should be concerned about security. Imagine the possible damage that could be done to your business by malicious persons who can exploit your network/services to gain total control of them to use for their own ends. The more your business depends on your Internet-based network/services, the greater the potential risk you face. If you would like to get a thorough understanding of all the potential risks, the issues involved, and a practical approach to security in the modern world, you are highly advised to read "Secrets and Lies / Digital Security in a Networked World" by Bruce Schneier (ISBN 0-471-25311-1). He has done a better job of explaining in clear and easily understandable detail (even to the non-technical mind) what digital security is, and why you should care, than we could ever do on our web site without shamelessly plagiarising his work.


Will an Intrusion Detection System (IDS) make my network/systems secure?

Not in and of itself, no. However, IDS can be an incredible asset in a security arsenal. If you follow security news, you know that many companies have fallen prey to malicious attackers, and the attack has gone unnoticed for weeks, and sometimes months and years. An IDS system, in the hands of a qualified security professional, will detect attempted (and successful) attacks against your network, and provide you with the log records to know exactly what they did, how to fix it, how to stop it from happening again, as well as the critical packet-trace evidence you will need to pursue criminal prosecution should you want/need to do so.


All I have is a firewall, do I need this service?

Firewalls are one of the first things hackers attempt to penetrate. Most firewalls produce a rather extensive set of logs. Most of this information may be meaningless or innocuous. However, hidden within the logs could be a very subtle intrusion attempt, or unauthorized access. Our analysts are trained to spot intrusions, analyze them, and then suggest solutions to stop or block the unauthorized access.


What is the importance of a well-designed DMZ?

In order for a company to have a secure network, it must have a well-designed DMZ. A well-designed DMZ separates sensitive information found on the internal corporate environment from the outside world. Using a security approach that includes routers, firewalls, mail servers, DNS servers and intrusion detection systems to buffer and filter Internet traffic, you can keep unwanted traffic out, allowing business to continue operating smoothly. A well-designed DMZ prevents people outside your network from being able to probe your network, internal DNS servers, mail servers and other mission-critical systems by first blocking unwanted traffic, then by proxying traffic internally through the DMZ, and finally by detecting any unwanted traffic.


How can proper security policies and procedures help my organization?

Having proper security policies is a vital part of any organization's successful IT security infrastructure. Without proper policies and procedures in place dictating how systems are to be run and operated, security of the systems is left to subjective interpretation. Some administrators may secure their systems well, while others may take the path of least resistance or sparsely secure their servers for ease of operation. It is vital that you do not leave your organization's business operation to chance. Establish a good security policy and perform regular policy compliance checks. Senior management should establish policy and give the primary directive to create a computer security program, establish its goals and assign responsibilities. These directives should also offer specific rules established for the security of each system, which should be enforced by a system's technical controls as well as management and operational controls.


How do I know if my company's telecommunications solution is safe?

Large companies can own thousands of phone numbers. How do they know if all "known" dial-in lines are secured properly? Many times company security policies and practices fail to include telecommunications solutions since they are perceived as an antiquated and low-risk area. Current hacker activity suggests that exploiting the telecommunications infrastructure is still among the most popular and successful methods for invading corporate networks. Scanning blocks of phone numbers to identify entry points is an easy process for hackers and a proven way to bypass a well-designed DMZ and firewall. Even if your organization has good security on "known" dial-in lines, the potential for "unknown" dial-in lines introduced to your network without your knowledge presents another potential opportunity for unauthorized remote entry. Within a large organization, performing a Telecommunications Assessment and Penetration Study will turn up any "forgotten" dial-in lines as well as those lines set up by individual users utilizing remote access programs such as PC-Anywhere. Hackers who identify these sessions are provided with a free "backdoor" into your network, thereby bypassing your entire security architecture. Good security efforts often go to waste because a hacker accesses your systems through an unauthorized or poorly configured dial-up session.


What do I do if I think our organization has been hacked?

The most important thing to do when you think a breach of security has happened is to ensure that qualified personnel are addressing the issue. Knowing how to recover your mission-critical systems, how to quickly secure your systems and finally how to address/collect evidence on the intrusion are of utmost importance. Should you turn off all external connectivity? Should you attempt to collect information on the hacker if the attack is ongoing? During the investigation process, is your goal to prosecute, disable or fire those responsible? These are all important questions whose answers will differ greatly from company to company, and each solution should be tailored to your organization's individual business needs.

Advance planning should be done if your organization requires the collection and preservation of evidence for future legal activities. Ensuring that proper auditing is enabled, installing intrusion detection systems, firewalls and honeypots, and implementing a security policy that addresses potential scenarios are initiatives of great importance. Training your staff to handle security situations is also a key consideration should your organization encounter a compromise situation.


 


Copyright © 2003 Techieindex