Intrusion detection and prevention, Overview, Subscribing to clavister idp – Amer Networks E5Web GUI User Manual

6.5. Intrusion Detection and Prevention
6.5.1. Overview
Intrusion Definition
Computer servers can sometimes have vulnerabilities which leave them exposed to attacks
carried by network traffic. Worms, trojans and backdoor exploits are examples of such attacks
which, if successful, can potentially compromise or take control of a server. A generic term that
can be used to describe these server-oriented threats is intrusions.
Intrusion Detection
Intrusions differ from viruses in that a virus is normally contained in a single file download and
this is normally downloaded to a client system. An intrusion manifests itself as a malicious
pattern of Internet data aimed at bypassing server security mechanisms. Intrusions are not
uncommon and they can constantly evolve as their creation can be automated by the attacker.
cOS Core IDP provides an important line of defense against these threats.
Intrusion Detection and Prevention (IDP) is a cOS Core subsystem that is designed to protect
against these intrusion attempts. It operates by monitoring network traffic as it passes through
the Clavister Security Gateway, searching for patterns that indicate an intrusion is being
attempted. Once detected, cOS Core IDP allows steps to be taken to neutralize both the intrusion
attempt as well as its source.
IDP Issues
In order to have an effective and reliable IDP system, the following issues have to be addressed:
• What kinds of traffic should be analyzed?
• What should we search for in that traffic?
• What action should be carried out when an intrusion is detected?
cOS Core IDP Components
cOS Core IDP addresses the above issues with the following mechanisms:
• IDP Rules are configured by the administrator to determine what traffic should be scanned.
• Pattern Matching is applied by cOS Core IDP to the traffic that matches an IDP Rule as it
streams through the gateway.
• If cOS Core IDP detects an intrusion then the Action specified for the triggering IDP Rule is
taken.
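The three mechanisms above (rule selection, pattern matching, action) form a pipeline, and the following Python model shows how they fit together. This is an added illustration written for this page, not cOS Core code and not a description of the real IDP engine: the rule fields, the action names "audit" (log only) and "protect" (log and drop), the signatures and the sample connections are all constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# --- Component 1: IDP Rules decide which traffic is scanned at all ----------
# Rule fields (source/destination network, destination ports, signature set,
# action) are an assumption of this model, not the product's schema.


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern  # compiled regex over the raw payload bytes


@dataclass(frozen=True)
class IdpRule:
    name: str
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network
    dports: frozenset
    signatures: tuple
    action: str  # "audit" = log but forward, "protect" = log and drop (assumed names)


# Constructed signatures: one well-known HTTP path-traversal pattern and one
# SMTP command that is commonly flagged for auditing.
HTTP_PATH_TRAVERSAL = Signature("HTTP_PATH_TRAVERSAL", re.compile(rb"\.\./"))
SMTP_VRFY = Signature("SMTP_VRFY", re.compile(rb"(?i)^VRFY\s"))

ANY = ipaddress.ip_network("0.0.0.0/0")
SERVERS = ipaddress.ip_network("10.0.0.0/24")

RULES = (
    # Web servers: drop anything matching an HTTP signature.
    IdpRule("web-protect", ANY, SERVERS, frozenset({80, 8080}),
            (HTTP_PATH_TRAVERSAL,), "protect"),
    # Mail server: only log SMTP hits, never interrupt delivery.
    IdpRule("mail-audit", ANY, SERVERS, frozenset({25}),
            (SMTP_VRFY,), "audit"),
)

# Constructed sample traffic: each record is one connection through the gateway.
SAMPLE_TRAFFIC = [
    {"src": "203.0.113.10", "dst": "10.0.0.5", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"},
    {"src": "203.0.113.11", "dst": "10.0.0.5", "dport": 80,
     "payload": b"GET /cgi-bin/../../../etc/passwd HTTP/1.1\r\n"},
    {"src": "198.51.100.7", "dst": "10.0.0.9", "dport": 25,
     "payload": b"EHLO mail.example\r\n"},
    {"src": "203.0.113.12", "dst": "10.0.0.5", "dport": 443,
     "payload": b"\x16\x03\x01..."},          # TLS: no rule covers 443
    {"src": "198.51.100.8", "dst": "10.0.0.9", "dport": 25,
     "payload": b"VRFY postmaster\r\n"},
]


def select_rule(conn, rules):
    """Step 1: first IDP rule whose traffic filter matches the connection."""
    src = ipaddress.ip_address(conn["src"])
    dst = ipaddress.ip_address(conn["dst"])
    for rule in rules:
        if src in rule.src_net and dst in rule.dst_net and conn["dport"] in rule.dports:
            return rule
    return None


def match_signatures(payload, signatures):
    """Step 2: pattern matching, but only with the rule's own signature set."""
    return [sig.name for sig in signatures if sig.pattern.search(payload)]


def inspect(conn, rules):
    """Step 3: apply the triggering rule's action; unmatched traffic is forwarded."""
    rule = select_rule(conn, rules)
    if rule is None:
        return {"verdict": "forward", "rule": None, "hits": []}
    hits = match_signatures(conn["payload"], rule.signatures)
    if not hits:
        return {"verdict": "forward", "rule": rule.name, "hits": []}
    verdict = "drop" if rule.action == "protect" else "forward"
    return {"verdict": verdict, "rule": rule.name, "hits": hits}


def run(traffic, rules):
    """Inspect every connection and return one decision record per connection."""
    return [inspect(conn, rules) for conn in traffic]


if __name__ == "__main__":
    for conn, result in zip(SAMPLE_TRAFFIC, run(SAMPLE_TRAFFIC, RULES)):
        print(conn["src"], "->", conn["dst"], conn["dport"], result)
```

Two points the model makes visible: traffic that no rule selects (the port 443 connection) is never pattern-matched, so signature coverage is only as good as the rule set; and the same signature hit leads to different outcomes depending on the rule's action, which is why an "audit" style action is the usual first step before switching a rule to a blocking action.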
6.5.2. Subscribing to Clavister IDP
Clavister IDP is purchased as an additional component to the base cOS Core license. It is a
subscription service and the subscription means that the IDP signature database can be
downloaded to a cOS Core installation and also that the database is regularly updated with the
Chapter 6: Security Mechanisms