
All Secure: Intrusion Detection Devices

When we connect to the Internet, the Internet is also connecting to us, in that we are literally linking electronically with thousands of other computers around the world. That world, unfortunately, includes hackers, who may have malicious intentions. Even individual users with always-on DSL or broadband connections have to be wary of security breaches. On large networks, the increasing diversification of network enterprises, including wireless access, telecommuters, and VPN (virtual private network) connections, complicates the issue. In order to guard against intruders and mischief-makers, most of us need security on our systems.

Network ICE, now a part of Internet Security Systems (ISS), offers intrusion protection for both consumers and large institutions, or enterprises. BlackICE Agent is a host-based product for individual users. BlackICE Sentry, a network-based product, is designed for high-speed, switched environments. It monitors all network traffic and alerts the ICEcap Manager of any suspicious traffic. Manager correlates information from multiple Agents and/or Sentries and sends alerts to the administrator about attempted attacks. It also automatically updates systems to protect them from future attacks.

ZoneAlarm Pro v. 2.6 from Zone Labs also provides protection against a variety of threats. ZoneAlarm, designed for the home office as well as corporate customers, combines firewall protection with intrusion detection. The latest version of this out-of-the-box product features "hardened security" at the operating system level to patch Windows OS vulnerabilities and protect users from sabotage. Version 2.6 features rated and color-coded pop-up alerts, instant advice for all firewall and program alerts, and a tutorial. In order to guard against e-mail–based invasions, ZoneAlarm Pro's MailSafe E-mail Attachment Protection safeguards users from inadvertently executing unsafe attachments to e-mail messages.

Symantec's NetProwler product is a network-based intrusion detection software (IDS) designed to automatically discover popular systems applications and apply the appropriate protection with minimal administrator intervention. Version 3.5 offers an automatic download feature that lets organizations build and deploy custom attack definitions on the fly. Administrators can easily drag and drop specific security directives into pre-defined, logical groups of systems with specific functions for customized, automated management. NetProwler uses a proprietary SQL database back end capable of handling large-scale IDS deployments. Privacy and integrity are ensured via the use of Blowfish encryption, MD5 digital signatures, and key exchange.

SecureNet Pro from responds to attack signatures with rapid attack definition speed and a high degree of accuracy. Complete extensibility lets users choose which signatures are string-matched and which are context analyzed, customizing the system as needed and reducing the number of false positives. The product cuts packet handling by 33 percent and can be bundled onto appliances to lower the cost of ownership and speed implementation.

NFR Network Intrusion Detection version 5 is a full-featured package that offers ease of use and customization. The system boots off a CD-ROM, simplifying installation and upgrading. NFR's components were designed within the company and use the same graphical capabilities, so users familiar with one product will quickly become familiar with the others. At the same time, NFR allows more sophisticated users to develop signatures for attacks that are specific to their organizations.
