OfficeServ Intrusion Detection
The OfficeServ Intrusion Detection System is integrated within the OfficeServ MP11 or WIM Modules.

- Identifies and blocks suspicious data packets that may be attacking the system

IDS: what's that?
IDS stands for Intrusion Detection System and refers to the process of monitoring and analysing network activity, looking for signs of intrusion on your system. The objective is to watch for unauthorized intrusions and to alert the network administrator to any potential system or network security threats and weaknesses. Essentially, the IDS inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

The IDS inspects the data packets on the network and compares the activity against a set of predefined rules. It is important that these rules are continually updated to ensure that the IDS is as up to date as possible and is aware of known security issues. In order to ensure that the rules are current, the IDS within the WIM uses an application known as SNORT. Over the years SNORT has evolved into a mature, feature-rich technology that has become the de facto standard in intrusion detection and prevention. This is a major plus point for the OS7200. From the WIM the latest SNORT rules can be accessed and downloaded, although the process will be refined in the full release version, i.e. this is a service that we may offer Resellers/customers as a value add.

If an intrusion has been detected by the IDS, the system records the source IP address of the attack and the intended destination IP address. Moreover, the system applies a risk level, based on its rule settings, and also provides a description of the attack. This information is relayed to the network administrator.

Is the IDS the same as the firewall?

The simple answer is no. Though they both relate to network security, an IDS differs from a firewall in that the IDS looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from the network.
An IDS looks for and evaluates suspected intrusions; once one is identified, it will signal an alarm. An IDS also watches for attacks that originate from within a system. The IDS looks for suspicious activity and events that might be the result of a virus, worm or hacker trying to gain access to your system. The IDS achieves this by looking for known attack or intrusion signatures that characterize different worms or viruses and by tracking general variances that differ from regular system activity.

The OS7200 utilises a reactive IDS: the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source, as well as sending an alert to the system administrator. The IDS complements the firewall.
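The fields described above (source IP, destination IP, risk level, description) can be read out of Snort's standard "fast" alert lines, and the most severe sources picked as candidates for a firewall block. This is an added example, not OfficeServ code: it assumes Snort's alert_fast text format (the page does not show the WIM's own log format), the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from collections import namedtuple

# The four items the page says are recorded for each detected intrusion.
Alert = namedtuple("Alert", "description risk src_ip dst_ip")

# Snort fast alert layout (assumed input format):
#   timestamp [**] [gid:sid:rev] message [**] [Classification: ...]
#   [Priority: n] {PROTO} src[:port] -> dst[:port]
FAST_ALERT = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{[^}]+\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

def parse_alert(line):
    """Return an Alert for a fast-format line, or None for any other line."""
    m = FAST_ALERT.search(line)
    if m is None:
        return None
    return Alert(m["msg"], int(m["prio"]), m["src"], m["dst"])

def sources_to_block(lines, max_priority=1):
    """Source IPs with at least one alert at or above the given severity.

    Snort priorities run from 1 (most severe) upward, so a lower number
    means a higher risk level.
    """
    alerts = filter(None, map(parse_alert, lines))
    return sorted({a.src_ip for a in alerts if a.risk <= max_priority})

# Constructed sample log (documentation-range addresses, made-up rule IDs).
SAMPLE_LOG = [
    "03/14-09:21:07.120934  [**] [1:1000001:1] Constructed example: admin login brute force [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] "
    "{TCP} 203.0.113.45:51522 -> 192.0.2.10:22",
    "03/14-09:21:09.004411  [**] [1:1000002:1] Constructed example: ICMP ping sweep [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10",
    "03/14-09:22:00.000000 link state change on eth0",  # not an alert line
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(parse_alert(entry))
    print("block candidates:", sources_to_block(SAMPLE_LOG))
```

Lines that are not alerts return None instead of raising, so mixed log files can be fed in unfiltered.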