Intrusion Detection (ID) is the art of detecting
inappropriate, incorrect, or anomalous activity. ID
systems that operate on a host to detect malicious
activity on that host are called host-based ID systems,
and ID systems that operate on network data flows are
called network-based ID systems.
Sometimes, a distinction is made between misuse and
intrusion detection. The term intrusion is used to
describe attacks from the outside, whereas misuse is
used to describe an attack that originates from the
internal network. However, most people don't draw such
distinctions.
The most common approaches to ID are statistical anomaly
detection and pattern-matching detection.
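
The two approaches named above, shown side by side as an added example (not part of the original FAQ and not code from any product it mentions). The baseline counts, log lines, signature and threshold are all constructed assumptions.

```python
import re
import statistics

# Constructed baseline (an assumption, not data from the page): failed-login
# counts per hour observed on one host during normal operation.
BASELINE = [2, 3, 1, 4, 2, 3, 2, 5, 3, 2, 4, 3]

# Constructed log lines for the hour being inspected.
LOG_LINES = [f"10:{m:02d}:00 sshd: Failed password for root from 203.0.113.9"
             for m in range(9)]
LOG_LINES.append("10:30:12 httpd: GET /docs/../../etc/passwd 404")
LOG_LINES.append("10:31:40 httpd: GET /index.html 200")

# Hypothetical signature set: name -> pattern describing known-bad input.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}

def signature_alerts(lines):
    """Pattern-matching detection: report lines that match a known signature."""
    return [(name, line) for line in lines
            for name, rx in SIGNATURES.items() if rx.search(line)]

def count_failed_logins(lines):
    """Reduce the raw log to the one metric the baseline describes."""
    return sum("Failed password" in line for line in lines)

def anomaly_alert(baseline, observed, threshold=3.0):
    """Statistical anomaly detection: flag a count whose z-score against the
    baseline exceeds the threshold, with no knowledge of what caused it."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    if stdev == 0:  # flat baseline: any increase counts as anomalous
        return observed > mean, 0.0
    z = (observed - mean) / stdev
    return z > threshold, z

def analyze(lines, baseline=BASELINE):
    flagged, z = anomaly_alert(baseline, count_failed_logins(lines))
    return {"signatures": signature_alerts(lines),
            "login_anomaly": flagged, "z_score": round(z, 1)}

if __name__ == "__main__":
    print(analyze(LOG_LINES))
```

In this sample the signature catches the single traversal request but says nothing about the burst of failed logins, while the anomaly check flags the burst and cannot see the traversal request.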

Why is intrusion detection required in today’s computing
environment?
In today’s computing environment, intrusion detection is
required because it is impossible to stay abreast of the
current and potential threats and vulnerabilities that
are inherent in our computing systems and networks. The
environment is dynamic. It is continuously evolving and
changing, driven by new technology and the growth of the
Internet. To make matters worse, threats and
vulnerabilities in this environment are also constantly
evolving. Intrusion detection products are tools to
assist in managing threats and vulnerabilities in this
changing environment.
Historically, those responsible for data management and
security automatically assumed Intrusion Detection
Systems (IDS) would be the ultimate solution to all
network and organization problems. Most companies deal
with this technology like it is a monolithic solution.
This practice is not necessarily valid when applied to
any security technology. It just doesn’t work that way,
as much as we’d like it to. Most users and managers fail
to understand that IDS' core design and function is to
protect the individual’s or organization's mission-critical
and most private data from an outsider.
Changes in this position are now being seen as more
organizations want to monitor their networks and
individual systems because studies show that the majority
of all losses in the commercial sector involve insiders.
They now want to use the IDS in any of the following
combinations: to track down insiders, catch them in the
act, get the evidence needed for prosecution, fire them
or take them to court for indictment.
Another factor to consider is that the technology is
still in its infancy and intrusions get missed due to its
immaturity. The role of the IDS must evolve to include
better logging and a collection of forensic tools to use
the information as
evidence in determining what happened and who was
involved.

What are intrusion detection products and what do they
do?
Intrusion detection products, or Intrusion Detection
Systems (IDS) as they are called, are tools that can
assist in protecting an individual or company from
intrusion by expanding the options available to protect
information and manage the risk from threats and
vulnerabilities. Intrusion detection capabilities can
help the individual or company secure their vital
information. The tool could be used to detect an
intruder, identify and stop the intruder, support
investigations to find out how the intruder got in, and
stop the exploit from use by future intruders. The
correction should be applied on all computers that
connect to a network, are accessible by unauthorized
users, or are implemented across an enterprise to
all other platforms. Intrusion detection products can
become a very powerful tool in the information security
practitioner’s tool kit.

What are vulnerabilities?
Vulnerabilities are flaws and/or weaknesses in systems
and networks. Vulnerabilities can be exploited and used
to compromise your system and/or network of systems. New
vulnerabilities are discovered continuously. Every new
development of technology, product, or system brings
with it a new set of opportunities for hackers to
explore, knowing there is a new generation of bugs and
unintended conflicts or flaws. Also, the possible impacts
from exploiting these vulnerabilities are constantly
evolving. In a worst-case scenario, an intrusion may
cause production downtime, sabotage of critical
information, theft of confidential and private
information, cash, or other assets, or even negative
public relations that may affect a company’s stock
price.

What are threats and who is responsible for them being
launched?
Threats take many forms. Viruses, Trojan horses or
hidden programs that are planted in your computer to
start executing at a predetermined time, and break-ins to
steal personal or confidential data are examples of
common threats. Their originators are people or groups
who have the potential to compromise your computer
system. These may be a curious teenager, a disgruntled
employee, a thief who wants to steal your identity for
personal gain, or espionage from a rival company or a
foreign government. The hacker has become a nemesis to
many companies and often uses a private individual’s
computer as a launching pad for their actions to hide
their true location.

What is the risk to Windows from Dedicated Internet
Connections?
One of the most dangerous and least recognized
vulnerabilities to home PC users and enterprise
LANs/WANs is unauthorized access via a dedicated network
connection, regardless of whether it is connected to the
Internet or an Intranet. Although this problem can exist
across a multitude of operating systems and Internet
connection types, Windows systems with a digital
subscriber line (DSL) or cable modem based Internet
service are particularly vulnerable to security breaches. However,
one should not dismiss the possibility of intrusion
through modem dial-up or dedicated connections through
phone lines.
More and more users are moving away from the traditional
dial-up modem as the preferred method to connect to the
Internet. While reaping the benefit of vastly superior
performance, these users, with static addressing and
full time connections, are also becoming increasingly
aware of security implications associated with the
broadband connections. It is becoming disturbingly
common to hear of incidents where home-based broadband
connected systems have been accessed and violated by
persons who are unknown. And it is particularly
concerning to realize that the vast majority of the
time, due to inadequate intrusion protection facilities,
the intrusion(s) have gone and continue to go
undetected.
Com-Guard Pro and ComputerSafe both detect and record
intrusions that attempt to gain access to your protected
files and eliminate the possibility of your data being
compromised. Not only do they lock or hide your files,
the files can also be encrypted to provide maximum
protection. In fact, Com-Guard recommends that things like
address books, contact lists, PDA Desktop programs, and
your My Documents folder – where you should store all of
your personal data files – be protected by Com-Guard.

Can you describe multi-layered computer security and how
an IDS fits in?
The layered security approach can be compared to
weathering out a winter storm. Many
people know the feeling of being stuck at home during a
winter blizzard. The things one does in a winter storm
are to heat some soup, turn up the furnace, snuggle up
under the blankets, and start a fire in the fireplace.
All of these things lead to a warm and secure feeling
while waiting for the storm to pass. It's this
utilization of separate things in the household that
results in an overall approach that gives us that warm
and fuzzy feeling in a winter storm. Thus, computer
security is the most effective when multiple layers of
security are used within an organization.
The most common misconception is that a firewall will
secure your computer facilities and additional steps
don't need to be taken. A firewall is just one component
of an effective security model. Additional components or
layers should be added to provide an effective security
model within your organization. The security model that
will protect your organization should be built upon the
following layers:
- Security policy of your organization
- Host system security
- Auditing
- Router security
- Firewalls
- Intrusion detection systems
- Incident response plan
Using multiple layers in a security model is the most
effective method of deterring unauthorized use of
computer systems and network services. Every layer
provides some protection from intrusion, and the defeat
of one layer may not lead to the compromise of your whole
organization. Each layer has some inter-dependence on
other layers. For example, the intrusion detection
systems and the incident response plan have some
interdependencies. Although they can be implemented
independently, it's best when they're implemented
together. Having an intrusion detection system that can
alert you to unauthorized attempts on your system has
little value unless an incident response plan is in
place to deal with problems. The most important part of
the overall security organization is the security policy.
You must know what you need to protect and to what
degree. All other layers of the security model follow
logically after the implementation of the organization
security policy.
In summary, an intrusion detection system is just one
component of an effective security model for an
organization. The overall security integrity of your
organization is dependent upon the implementation of all
layers of the security model. The implementation of the
layered approach to security should be undertaken in a
logical and methodical manner for best results and to
ensure the overall sanity of the security personnel.

How long is the Com-Guard license agreement for?
Our present policy is that when you purchase any
Com-Guard product it is yours to use forever (with the
exception of any subscription-based products such as SafePC).
With the purchase you also receive one year of free
updates and online technical support and Com-Guard
upgrades. After the first year, there may be a nominal
fee to update your license and continue receiving
product updates and technical support. If you do not
renew your license, Com-Guard will still continue to
work and protect your computer but may not include new
features that are subsequently released. We highly
recommend updating your subscription for Com-Guard each
year. It is important to continue to stay ahead of any
internal or network based attackers with the latest and
greatest security and privacy features.

If I would rather not use a credit card online, can I
still place an order?
Yes! We are able to manually process orders over the
phone for our products. However, special arrangements
would have to be made to download the product at that
time. Normally, phone orders for products would be
shipped rather than downloadable at time of purchase.
Therefore, a shipping and handling charge would apply.
To place an order by phone, call us at 800-704-7038.