While firewalls can be regarded as passive tools of protection, the so-called IDS, Intrusion Detection System or IPS, Intrusion Prevention System provides an active protection.

One system type connected to a given network analyses the traffic passing through the network in real time, searching for known attack patterns. In the event of a hit, it facilitates several ways of reaction – from the alarm through the automatic reconfiguration of the system as far as the interruption of the connection. The other type analyses the journal entries of certain given computers searching for signs referring to an intrusion. So, while the former type serves for the simultaneous protection of all the endpoints on a given network, the latter type requires its own IDS client for each separate end point.

Internet Security Systems

The ISS Proventia appliance solutions are based on the standard hardware and software platforms.  The hardware of the solutions is servers which can be built into an Intel based rack and also contain the required network interface cards. The operation system is individually installed Red Hat Linux provided with security complements. These are networking IDS/IPS tools capable of analysing the network traffic, sending alarms in the event of attacks or intervention if required. Depending on the type, these can be fitted into the system as ‘classical’ network IDS (connected to a monitoring port of a network device) or as inline IDS. In addition to this the product range contains an integrated network protection solution which integrates the firewall, IDS, virus protection, SPAM filtering and content filtering functions.

The ISS Proventia Server provides the secure run and availability of the applications and the confidentiality of the stored data. This centrally managed protection agent combines the intrusion detecting ability with the firewall functionality. By means of real time monitoring, our applications can be protected against the non-intended use or unauthorized intrusions.

The ISS Proventia Server implements a fully automatic real time intrusion detection and intrusion protection by analysing the events, the journal entries of the operation system, all the inbound and outbound traffic and blocks the suspicious activities before they can cause damage. The system applies protocol analysis and attack pattern comparison. Since it monitors all traffic it is able to prevent both known and unknown types of attacks. These are for example the buffer overflow, Trojan, brute force attacks, unauthorized accesses, worms and many other methods of attack.

The ISS Proventia Desktop application is an advanced desktop/laptop protection system: a full value intrusion detection and intrusion protection system. It interoperates with several VPN applications, so it is suitable for the protection of both the workstations on the office network and those of the mobile/remote users as well. The ISS Proventia Desktop protects the workstations by analysing all the activities, controls the operation and communication of the installed applications without causing any inconvenience for the user. The firewall component of the Proventia Desktop blocks the attack attempts. The system also analyses the enabled communication so it is capable of filtering the non-normal operation embedded into the enabled applications (e.g. traffic generated by Spyware). The analysis is extended to each package and connection. The protocol analysing engine decodes and structurally analyses the entire network communication so it is also capable of filtering the fragmented attack packages. If an attack is detected it intervenes and prevents its activity. While a personal firewall only enables or disables traffic types, the Proventia Desktop also analyses these ensuring the entire filtering functionality.