SSi
Intrusion Detection Services

Intrusion Detection Focus on Monitoring and Detecting

TCP/IP was designed to be flexible. This flexibility, together with the pervasive access of the
Internet, provides the basis for a person who understands the protocols and their
low-level characteristics to show off. For example, "hackers" can use standard TCP/IP protocols to
determine internal addresses and then use standard services to tie up servers, clog up the
network pipe, or tie up clients. Additionally, by participating in "hacker"
newsgroups, these same hackers can learn about known TCP/IP or TCP/IP application software
bugs that can be exploited to the hackers' advantage. For example, the ping command is a
commonly used way for a network user to see whether the server or client across the network is
reachable and how long it takes to reach it. However, if the ping payload is large enough,
many TCP/IP stacks hang, locking up the desktop or server. This denial of service
attack is often referred to as the ping of death. Other denial of service
attacks include:
- Tying up the network pipe with valid low-level activity that is targeted at a specific network at a very high rate
- Beginning and not completing sessions, thus tying up the network ports
- Issuing valid user server commands that place the client software in a control position
- Sending email messages with attachments that contain viruses or worms
- Sending email messages containing vandals that can cause the client's email application to give the attached executable code control
- Offering an interesting Web site which causes the client to download Java or ActiveX applets which read desktop information, transmit this information to another site and alter the desktop controls

The major thrust of these types of attacks and penetrations
is that they apply standard features to inappropriate uses, or use
standard features to invoke system or system application bugs.
The potential of a barrage of attacks has given rise to a new
tool referred to as intrusion detection services. These intrusion
detection services focus on monitoring and detecting known and suspicious patterns, and
offering both automated and manual real-time responses.
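
As an added example (not part of the original page and not Sessionwall code), the check below shows how a sensor can recognise the oversized-ping pattern described above: it flags any IP fragment whose header, offset and payload together would push the reassembled datagram past 65,535 bytes. The function names and the sample headers are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535   # largest size the 16-bit IPv4 total-length field can express
ICMP = 1
HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header

def parse_ipv4(raw: bytes) -> dict:
    """Decode the IPv4 header fields needed for the reassembly-size check."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, _ = struct.unpack(HDR, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"src": ".".join(map(str, src)), "proto": proto, "ihl": ihl,
            "payload": total_len - ihl,
            "offset": (flags_frag & 0x1FFF) * 8}  # offset field counts 8-byte units

def classify(raw: bytes) -> str:
    """Flag a fragment whose data would end past the 65,535-byte datagram limit."""
    h = parse_ipv4(raw)
    if h["ihl"] + h["offset"] + h["payload"] <= MAX_DATAGRAM:
        return "ok"
    return "oversized-icmp" if h["proto"] == ICMP else "oversized-other"

def sample_header(total_len: int, offset_units: int, proto: int = ICMP, more: bool = False) -> bytes:
    """Constructed test input: header only, documentation addresses, checksum left at zero."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack(HDR, 0x45, 0, total_len, 0x1234, flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))

if __name__ == "__main__":
    samples = {
        "ordinary echo request": sample_header(84, 0),
        "legitimate late fragment": sample_header(1500, 8000),
        "fragment ending past limit": sample_header(1020, 8189),
    }
    for label, hdr in samples.items():
        print(f"{label:28} {parse_ipv4(hdr)['src']:12} {classify(hdr)}")
```

Because the check works on each fragment's own header, it can raise an alert without reassembling the datagram, which is the step that hung the affected stacks.
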

Sessionwall provides intrusion detection
services, virus detection and Java/ActiveX detection and blocking in a manner that is easy
to install and use. It also provides extensive usage documentation for subsequent legal
action, and reports to help identify other usage anomalies.

Sessionwall has been renamed eTrust Intrusion Detection
and is now considered to be part of the eTrust suite of eBusiness security
products. To learn more about eTrust Audit and its components and features,
please visit our web site dedicated to eTrust by clicking on the button below.