Network Protection

Network Protection Requires The Right Tools

Unfortunately, even using the right tools without an audit mechanism may cost companies dearly. For example, according to leading firewall experts, over 50% of the installed firewalls are implemented incorrectly due to lack of expertise, the subtleties of the configuration, and the vulnerabilities in the underlying operating system.

As a result, it is no wonder that companies have been slow to use network protection tools. Most companies want to see more pieces of the network protection puzzle in place before they make a purchase. Companies are looking for components that crisply display their network's usage in order to identify where policies are required and what needs to be blocked. Additionally companies want verification that they are receiving the policy compliance and network protection they expect.

Sessionwall provides extensive network protection including intrusion detection (service denial attacks, suspicious activity, malicious applets, viruses), blocking, alerting and logging.

Denial of Service Detection and Prevention

WinNuke. Ping of Death. SYN attack. These are only some of the tactics used by parties to deliberately breach your network protection and impair your network’s functionality. Sessionwall combats this problem by automatically detecting a number of denial of service attacks. Upon detection, Sessionwall responds by sending an alert which allows immediate reaction to the attack. Sessionwall also provides a detailed report of these and other suspicious network activities.

Intrusion Detection of Known Patterns

Sessionwall not only detects attempts at damaging or reducing your company network’s functionality, but also shows you how to deal with these network protection breaches. Intrusions can include, for example, attempts to misuse and confuse the FTP server, attempts to obtain directory listings on the Web server, or attempts to read files on your network. When these events are detected, Sessionwall immediately sends an alert. The alert message includes the source of the intrusion, a description of the intrusive action and suggestions on how to counteract this action.

Virus Detection and Active Email Content

By allowing personnel to send and receive Email messages over the corporate network, you are exposing your network to possible viruses and active components that could affect the way your network functions. To establish network protection from this type of abuse, but still allow personnel to use Email functions, you can have Sessionwall check all incoming and outgoing Email messages for viruses, Java applets and other active components. When these components are detected, Sessionwall immediately sends an alert. The alert message includes details on the virus or active component and suggestions on how to react.

URL Active Content Detection and Protection

Many Web pages contain active components (e.g. Java applets and active X) that could invoke functions you would like to be aware of. These functions can include executing certain files on your network, reading files on your network or opening a socket to listen to your network’s traffic. When users ‘surf’ the Web and view Web pages, they could inadvertently be putting your network at risk. But, using Sessionwall to detect these active components, you can decide on a suitable network protection action. Sessionwall returns network control to your company.

Protecting Servers from Hostile Access

Users can easily access Internet and Intranet servers. Regular access control is via passwords, which can easily be hacked. In many cases, once a user has access to a server, access rights can easily be changed. Sessionwall can provide protection for network servers from hostile access by blocking access to specific servers from a specific group of users, stations or environments; logging and blocking future attempts to access a server using an incorrect password; by identifying attempts to use a known hole in the server to change access rights; and by providing detailed usage reports which can be used to trace the source of hostile accesses.

Identifying Irregular Use and Special Protocols

Protocols such as RealAudio and Net2Phone take up a lot of bandwidth. Excessive use of these protocols can significantly slow down network traffic. Using the data that Sessionwall collects, you can easily pinpoint the users of these protocols and decide on ways to reduce or stop these activities. Sessionwall also detects situations where unauthorized stations are using a specific service on your network (e.g. users outside the organization are using the organization’s Email server to receive mail, or root access is being used to initiate Telnet sessions from machines not in the local network).

Blocking Network Games

Network games not only reduce productivity, they also slow down network traffic. As a solution to this problem, Sessionwall allows you to block Doom and Quake – two interactive network games.

Updating the Viruses and Intrusion Pattern Lists

New viruses and intrusion types are constantly being discovered. As part of our ongoing commitment to network protection by shielding our customers’ networks from intrusions, abuses and productivity loss, Sessionwall includes a subscription feature which allows updating the built-in lists of viruses and intrusions. These lists include a list of known viruses for virus checking, a list of intrusion detection rules and a list of categorized URLs for blocking purposes.

Sessionwall has been renamed eTrust Intrusion Detection and is now considered to be part of the eTrust suite of eBusiness security products. To learn more about eTrust Audit and its components and features, please visit our web site dedicated to eTrust by clicking on the button below.