Intrusion Protection

Astaro’s Intrusion Protection application scans inbound network traffic and uses pattern recognition technology and anomaly detection to identify over 3,000 types of probes and attacks.

Extensive Detection Rules

Astaro’s Intrusion Protection utilizes a database of over 3,000 rules to detect patterns indicating:

- Hostile probing, port scans, backdoor probes, illegitimate interrogations, and host sweeps.
- Exploitations of weaknesses in DNS, FTP, ICMP, IMAP, POP3, RPC, SNMP, X11 and other network protocols.
- Application attacks, exploiting vulnerabilities in home-grown software and popular applications such as IIS, Oracle, MySQL server, and FrontPage.
- Activities relating to messaging, chat traffic, and Peer-2-Peer (P2P) networking.

Anomaly Detection

“Zero-day attacks” are malicious threats that attack networks before signatures have been developed. To protect against them, Astaro’s Intrusion Protection identifies typical network traffic patterns via statistical and heuristic analysis. It then alerts administrators when it detects anomalies that indicate attacks, such as new network services or previously unseen hosts.

Intrusion Detection and Prevention

Astaro’s Intrusion Protection application can notify administrators about suspicious behavior (“intrusion detection”) and work with the firewall to immediately block incoming traffic associated with intrusions (“intrusion prevention”).

New threat patterns are installed frequently through the Astaro Up2Date service. Astaro utilizes new threat patterns from the Snort project and from Sourcefire, the leading Open Source and commercial sources of intrusion patterns.

Performance and Control

Because intrusion protection is in-line with the firewall, all Internet and VPN traffic is inspected, and there are no delays from routing traffic to a separate sensor. Rule changes are applied immediately, without any need to reboot the firewall or change network configurations.

The administrator can also tailor intrusion testing to each network by:

- Enabling or disabling any of the over 3,000 rules.
- Customizing existing rules and creating new ones.
- Performing tests only where they are needed (for example, email-related tests only on traffic to email servers).

Selected Classes of Intrusion Detection Rules

| Probes and Attacks | Applications and services | Protocols |
|---|---|---|
| Backdoor software | Messaging and chat | DNS |
| Denial of Service | MySQL Server database | FTP |
| Distributed denial of service | Oracle database | ICMP |
| Network scanning | CGI scripts | IMAP |
| Unwanted traffic | P2P networks (Napster, Kazaa) | NetBIOS |
| | Coldfusion | NNTP |
| | FrontPage | P2P |
| | Microsoft IIS | POP2 |
| | Multimedia streaming software | POP3 |
| | | RPC |
| | | SMTP |
| | | SQL |
| | | TFTP |
| | | X11 |