Intrusion Protection

Astaro's Intrusion Protection scans inbound network traffic and uses pattern recognition technology to detect over 1,500 types of probes, denial of service (DoS) attacks, and attempts to exploit application vulnerabilities.

Administrators can set thresholds for being notified about incidents, have suspicious traffic blocked, and enable and disable rules for maximum performance.

Extensive Detection Rules
Astaro's Intrusion Protection utilizes a database of over 2,000 rules to detect patterns indicating:

  •  Hostile probing: port scans, backdoor probes, illegitimate interrogations, host sweeps and other reconnaissance activity.
  •  Denial of service (DoS) attacks such as SYN floods.
  •  Protocol exploitation, leveraging weaknesses in DNS, FTP, ICMP, IMAP, POP3, RPC, SNMP, X11 and other network protocols.
  •  Application attacks, exploiting programming errors in internally developed software and CGI scripts, and in popular applications and databases such as Oracle, MySQL server, ColdFusion and FrontPage.
  •  Targeted attacks that exploit vulnerabilities in messaging and chat traffic and in Peer-to-Peer (P2P) networking.


Intrusion Detection and Prevention
Astaro performs intrusion detection by identifying suspicious behavior and notifying the system administrator about incidents. The software can also provide intrusion prevention by working with the firewall to immediately block incoming traffic associated with intrusions.

Intrusion detection and prevention can be employed simultaneously.

New threat patterns are installed frequently through the Astaro Up2Date service. Astaro monitors and adopts new threat patterns posted to the database of the Snort project, the largest open source intrusion detection project.

Performance and Control
By putting intrusion protection in-line with the firewall, Astaro's Intrusion Protection ensures that all Internet and VPN traffic is inspected, and that there are no delays from routing traffic to a separate sensor.

The administrator can also tailor testing to each network and server by:

  •  Enabling or disabling any of the over 1,500 rules.
  •  Customizing existing rules or creating new ones.
  •  Performing certain classes of tests only on specific networks or on traffic from specific servers (for example, executing email-related tests only on traffic to and from email servers).


Selected Classes of Intrusion Detection Rules

Probes and Attacks:
  •  Backdoor software
  •  Denial of service
  •  Distributed denial of service
  •  Network scanning
  •  Unwanted traffic

Applications and Services:
  •  Messaging and chat
  •  MySQL Server database
  •  Oracle database
  •  CGI scripts
  •  P2P networks (Napster, Kazaa)
  •  ColdFusion
  •  FrontPage
  •  Microsoft IIS
  •  Multimedia streaming software

Protocols:
  •  DNS
  •  FTP
  •  ICMP
  •  IMAP
  •  NetBIOS
  •  NNTP
  •  P2P
  •  POP2
  •  POP3