Intrusion Detection


Intrusions are attempts to break into or misuse your computer system. This can be something as severe as stealing confidential data, or using a server on your network as a relay for sending email spam.


An Intrusion Detection System (IDS) is a tool for detecting such intrusions.

SafeIT Inc. implements two types of Intrusion Detection Systems:

Network based intrusion detection systems (NIDS) - A NIDS monitors packets on the network medium and attempts to discover an intruder by matching the observed traffic against a database of known attack signatures. An example would be looking for a large number of TCP connection requests (SYN segments) to many different ports on a target machine, which reveals that someone is attempting a TCP port scan. A network intrusion detection system works by putting its interface into promiscuous mode and watching all traffic on the network segment.


Host based intrusion detection systems (HIDS) - A HIDS does not monitor the network traffic; rather, it monitors what is happening on the target machines themselves. It does this by monitoring security event logs or checking for changes to the system, for example changes to critical system files or to the system's registry.
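
As an added illustration of the port-scan signature described above (this is example code, not code from SafeIT Inc. or from this page), the following Python detector flags a source host that sends pure SYN segments to many distinct ports on one target inside a sliding time window; the connection records, host addresses and thresholds are constructed for the example, and the slow scanner shows why the window length and port threshold have to be tuned together.

```python
"""Sliding-window SYN port-scan detector over connection-attempt records."""
from collections import defaultdict, deque

# Constructed sample records: (timestamp_seconds, src_ip, dst_ip, dst_port, tcp_flags).
# 10.0.0.5 probes 20 ports within 10 s, 10.0.0.7 probes 20 ports slowly (one every 2 s),
# 10.0.0.9 is a normal client that keeps reconnecting to port 443, and 10.0.0.11 sends
# only ACK segments (established traffic) to many ports.
SAMPLE_EVENTS = (
    [(0.5 * i, "10.0.0.5", "192.0.2.10", 1 + i, "S") for i in range(20)]
    + [(2.0 * i, "10.0.0.7", "192.0.2.10", 100 + i, "S") for i in range(20)]
    + [(1.0 * i, "10.0.0.9", "192.0.2.10", 443, "S") for i in range(20)]
    + [(0.1 * i, "10.0.0.11", "192.0.2.10", 1000 + i, "A") for i in range(30)]
)


def detect_syn_scans(events, window_seconds=10.0, port_threshold=10):
    """Flag (src, dst) pairs whose pure-SYN segments reach `port_threshold`
    distinct destination ports within any `window_seconds` sliding window.

    Returns {(src, dst): most distinct ports seen in one window} for flagged pairs.
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (ts, dport), oldest first
    alerts = {}
    for ts, src, dst, dport, flags in sorted(events, key=lambda e: e[0]):
        if flags != "S":  # only connection requests count, not SYN-ACK or data segments
            continue
        key = (src, dst)
        q = recent[key]
        q.append((ts, dport))
        while q and q[0][0] < ts - window_seconds:  # expire entries outside the window
            q.popleft()
        distinct = len({port for _, port in q})
        if distinct >= port_threshold:
            alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_syn_scans(SAMPLE_EVENTS).items():
        print(f"possible TCP port scan: {src} -> {dst}, {ports} distinct ports in 10 s")
```

With the default 10 s window only the fast scanner is reported; widening the window to 60 s also catches the slow one, at the cost of more state per host pair.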

Host based intrusion detection systems can be split up into:

System integrity checkers - Monitor system files & the system registry for changes made by intruders. Such changes can result in various network security mechanisms being bypassed (backdoors).


Log file monitors - Monitor the log files generated by computer systems. Windows NT/2000 & XP systems generate logs about critical security events on your system. These include events such as a user acquiring root/administrator level privileges or logon password failures. By retrieving & analyzing these security events one can detect intrusion attempts.


Copyright SafeIT Inc., 2004. All rights Reserved.