Axent NetProwler - Internet Intruder Detection

 
c2000 ~ products ~ security

Overview
Details
Options
Related Tools
More Info
 
AXENT NETPROWLER monitors and protects
your network from intrusion and attack


THE PROBLEM
Even with a firewall, you still have to let some Internet traffic into your computer network - for example e-mail, web access, your own staff. How do you stop the unwanted from using that firewall access to probe beyond and cause damage?

There are many such attacks that a firewall alone cannot prevent. For example, Denial of Service attacks, such as those that crashed so many large web sites in the spring of 2000. Similarly password attacks using legitimate staff accounts cannot be prevented by the firewall - and if a hacker breaks a password, they are at liberty to try many more attacks once inside the system.

So while firewalls offer perimeter and access controls -internal, remote and even authenticated users can attempt probing, misuse or malicious acts. Internet access comprises 57% of attack entry, and a third of corporate Intranets are penetrated by outsiders (ICSI/FBI survey).

A security strategy must provide countermeasures for the possibility of internal or external network attacks - attacks that attempt to exploit known vulnerabilities or circumvent corporate resource or application policies.


THE SOLUTION
Axent NetProwler complements existing security countermeasures and gives dynamic network intrusion detection. NetProwler instantly identifies, logs and terminates unauthorized use, misuse and abuse of computer systems by internal saboteurs and external hackers.

NetProwler invisibly and efficiently monitors all network traffic and examines every network packet for misuse. .

NetProwler's exclusive, patent-pending Stateful Dynamic Signature Inspection(tm) (SDSI) virtual processor not only prevents intruders from exploiting hundreds of known and new security flaws in real time, but its attack definition wizard enables network administrators to protect exposed corporate applications and stop even the most sophisticated assaults.


FEATURES AND BENEFITS
NetProwler is the only Network IDS to combine:

  • Detection of hundreds of common OS and application attacks in real-time
  • Network Profiling for "out-of-the-box" installation and automatic configuration
  • Does not affect network or application performance.
  • Comprehensive attack signature customization wizard to protect company-specific applications
  • On-the-fly loading of updates and new attack signatures while keeping defenses on-line and current
  • Integration with AXENT's award-winning Intruder Alert(tm) for enterprise monitoring of network and host security events.
  • Employs SDSI Technology for efficient performance
 
Details
Overview
Options
Related Tools
More Info

NetProwler provides an intuitive system interface for easy monitoring and configuration. NetProwler gives the administrator a task-driven system for step-by-step control.

NetProwler operates the NT platform's Ethernet network card to promiscuous mode, caching all network traffic for immediate analysis. Because it is only caching, not using store and forward, NetProwler does not affect network performance.

NetProwler's attack NetProwler's attack signature database identifies numerous known OS and application threats. AXENT Information Security SWAT Team uses automated methods to screen, identify and verify potential OS and network application vulnerabilities. The SWAT Team also produces and tests new attack signatures - available on-line and can be distributed as an email attachment. Updates can be dynamically loaded while keeping the IDS system on-line.

Auto-Configuration: NetProwler's new profiling system discovers popular systems and applications on a given network segment and then constructs an address book and application book. With this information, NetProwler can automatically configure itself to provide only relevant defenses. Profiling can be set at scheduled intervals so it can keep up with network changes.

Attack Signature Customization: Realizing that companies develop unique applications, NetProwler's intuitive attack definition Wizard enables administrators to create custom attack signatures - without programming. The interface supports drag and drop keywords, reserved words, arithmetic operators, search parameters and strings to define attack expressions without requiring programming. Within minutes, administrators can defend company-specific applications and resources from even the most complex attacks. This enables administrators to quickly define, test and deploy their own attack signatures and security policies to prevent attacks or violations against company-specific resources.

On-the-Fly Updating: Intrusion Detection Systems (IDS) are only as strong as their last attack signature update. Traditional IDS require that the system be brought off-line in order to accept an update. NetProwler employs SDSI technology, which separates the session processing, and analysis from the signature database. This enables NetProwler to dynamically load new updates, whether from the AXENT Information Security SWAT Team or custom attack signatures created by the administrator, without the need to take the system off-line.

Multi-platform Host IDS Integration: Intruder Alert is the first multi-platform, host-based IDS system with a central management console that lets users monitor both network-and host-based IDS systems enterprise-wide. The Intruder Alert manager and agent for Windows NT ships with NetProwler.

Proactive Reaction to Attacks: On attack detection or security violation, NetProwler's automated response capabilities include: session log, alert, record, terminate, report and firewall hardening (AXENT Raptor and CheckPoint Firewall-1). NetProwler's instant alerting capabilities include: posting on its event console, pager, SNMP or Email, HTML reports, report scheduling and forwarding event notification to AXENT Intruder Alert's manager and console. NetProwler includes predefined summary reports and charts which can be scheduled and mailed. The event log can also be exported and subsequently used by any standard report editor.

Ultimate surveillance: NetProwler's "conversations" feature offers extensive session monitoring of popular applications such as HTTP, FTP, TELNET, email, chat, rshell, and rlogin. This allows administrators to record or terminate a malicious session on the fly. Recorded data can be used for potential litigation or to facilitate the design of new, custom attack signature definitions. NetProwler can tamper-proof critical system files (Web, FTP and DNS server content, router tables...) by comparing mirrored systems to the original at scheduled intervals. NetProwler can also be configured to prevent access to hosts and applications during restricted hours.
 
Options
Overview
Details
Related Tools
More Info
 
Related Tools
Overview
Details
Options
More Info
RAPTOR Firewall Complete Firewall Security
DEFENDER Authentication Two-Factor Authentication
INTRUDER ALERT Intruder Detection
NETPROWLER Intruder Detection
NETRECON Automated Security Probe
MAIL ESSENTIALS Mail Security for Microsoft Exchange
PALLADIO Mail Security for Unix
 
Need more information?
Contact us for evaluations or pricing
Overview
Details
Options
Related Tools

Your Name :
Email :
Telephone :

 

Centreline 2000 - Uniplex, Unix, Windows and Internet
Arle Court, Hatherley Lane, Cheltenham, GL51 6PN
Tel: (UK) 01242 255 000
 

URL: www.c2000.com/products/sec_netp.htm
© 1995-2001 Centreline 2000
Last Updated: 1st September 2000
 
  Home
  Products
  Forums
  Contact Us
  Search and Sitemap
  
Home Search and SiteMap How to contact us Free Software for You to Downloads Details on Web Hosting, Design and Programming Full Products Pages NT & Unix Discussion Boards Over 2000 Links to other useful web sites Hot News and Advice on Unix and NT Newsletters packed with great advice, free subscription Full and extensive tutorials and training guides for Uniplex, NT and more Hundreds of Secrets, Tricks and Tips for Linux, Unix, Uniplex and Microsoft products Cream of the Crop: The Best IT Books reviewed and selected Hey, IT doesn't have to be boring!