

Firewalls and Intrusion Detection Systems Are Not Enough - Netcom Reseller Magazine
September 1, 2001
Dean Hickman-Smith explains why network managers should be looking beyond simple firewalls and IDS
The majority of computers and computer networks, even those in the home, now have some degree of attack protection. Virus scanning is commonplace and an increasing proportion of IT networks now have firewalls as standard. But in the corporate world, simple firewall protection is no longer sufficient to provide protection from the increasing variety of attacks that are launched at the corporate network. Additional security tools are required for those organisations that are at great risk from attacks by the hackers and network intruders that are growing increasingly adept at discovering holes in network security infrastructure. These network attacks may manifest themselves from either the Internet or intranet side, and so it is imperative to provide protection on both sides.
To enhance the security provided by firewalls, intrusion detection systems (IDS) have been developed to provide a greater analysis of the data on the network. By matching data patterns to a library of attack signatures, these devices give a higher degree of protection than that provided by a firewall and, used together with a firewall, provide a complementary security solution. However, as networks scale towards ever-increasing bandwidths and throughput, the biggest issue affecting both of these devices is volume-based high-speed attacks, which can easily swamp the processor-based platforms on which they run.
Top Layer’s AppSwitch is a high-speed security device that offers a full set of protection, detection and containment capabilities for today’s gigabit networks. Together with Top Layer’s suite of Adaptive Security custom software modules, the AppSwitch provides a multi-faceted security solution that works in concert with firewall and IDS technology to offer a high level of protection against network attacks. The AppSwitch recognises and repels the most damaging of network attacks for online businesses - Denial of Service attacks and Distributed Denial of Service attacks. The device is uniquely capable of inspecting every packet that crosses the network for threats. The key to this function is Flow Mirror technology, which distributes traffic flows to a bank of intrusion detection systems and also copies the flows to additional devices such as traffic analysers. This feature enables the AppSwitch to enhance and accelerate IDS platforms, allowing them to scale up to gigabit speeds while maintaining maximum detection of attempted intrusions.
In addition to the ability to identify and reduce the impact of network attacks, providing the information necessary to identify the source and monitor the progress of an attack is becoming increasingly necessary. By looking at attack patterns and understanding how, where and when they have infiltrated the network, the network can be tuned or ‘hardened’ to provide even higher levels of protection. Most firewalls and IDS have logs that store rudimentary information, usually for a limited period of time, about event activity. Advanced hackers, however, can cover their tracks by manipulating these logs, or disabling them through denial-of-service floods. Top Layer’s SecureWatch software works independently of these logs, creating a record-keeping redundancy that becomes critical if an attack needs to be reconstructed. SecureWatch examines and records the activity leading up to the breach and immediately notifies the network operators so that they can take corrective action rapidly. The captured information, which might include IP addresses, ports, protocol, user names, or application type, can then be analysed to determine the methods, intent, and identity of the intruder.
By bringing together the best in software attack detection and prevention with firewall and IDS software products, the attack mitigation features of the AppSwitch, and the forensic analysis capabilities of SecureWatch, a realistic security solution can be achieved, providing maximum uptime with maximum security.