
GCSx CoCo makes recommendations for Intrusion Detection devices, as these are a step in the right direction to identify potential attacks.
All IDS must be implemented using approved one-way TAPs.
Intrusion Detection can be implemented at the host (End Point) or Network (Gateway) and is intended as an additional layer of security that further interrogates data passing through in order to find malicious activity.
Because GCSx CoCo requires one-way TAPs, a Gateway IDS will need to be used to identify all the traffic passing through the network.
The Intrusion Detection appliances available from Stonesoft are recommended by ICSA Labs and the PCI DSS review board. The IDS products available are highly scalable and come as a hardware or virtual (VMware Certified) appliance.
StoneGate IPS detects and stops hostile traffic and helps you meet regulatory compliance, including PCI-DSS.
Things that make our IDS/IPS unique are: -
Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer the latest capabilities in network intrusion prevention to protect the network from a wide range of attacks. Using industry-recognized stateful detection and prevention techniques, the IDP Series provides zero-day protection against worms, trojans, spyware, keyloggers, and other malware.
ForeScout’s clientless network access control (NAC) solutions enable customers to gain complete control over network security without disrupting end-user productivity. ForeScout’s CounterACT combines NAC and signature-less intrusion prevention in a single network appliance that interrogates and controls access of every device and seamlessly integrates with any existing IT infrastructure. ForeScout’s NAC is completely transparent and enables enterprises to tailor enforcement to match the level of policy violations, eliminating disruptions during device interrogation.
Bit9 Application Whitelisting with Bit9 Parity: Stop malicious and unauthorized software by blocking viruses, Trojans, application exploits, custom attacks, zero-day threats, and more.
Software or hardware used to identify and alert on network or system intrusion attempts. Composed of sensors that generate security events; a console to monitor events and alerts and control the sensors; and a central engine that records events logged by the sensors in a database. Uses a system of rules to generate alerts in response to security events detected.
TAP stands for "Test Access Port". Network taps allow all traffic on a network device (such as a switch) to be passively monitored. They are relatively inexpensive, reliable, and provide permanent access ports to monitor traffic through. Taps are usually separate devices, but can also be built into a switch itself.
Aruba's integrated policy-enforcement firewall, high-security encryption, standards-based authentication, wireless intrusion detection/prevention, and compliance audit reporting assistance meet or exceed the wireless LAN-specific security requirements in GCSx CoCo. Local Authorities using an Aruba solution can cost-effectively implement the Wireless security controls required for GCSx CoCo compliance without compromising the performance of business applications or upgrading legacy networks.
Wireless Intrusion Prevention (WIP): The ability to detect and prevent rogue APs (Access Points) and over-the-air attacks is critical to maintaining confidential communications. Rogue APs become instant portals into the rest of the network, bypassing firewalls and other security systems. Aruba Networks APs can simultaneously function as a WIP sensor and an AP, eliminating the need for third-party dedicated security sensors.
© Copyright Castleforce 2007-2010. Web design by Theme Group