Intrusion Protection
Astaro Security Gateway Software includes a free Intrusion Protection subscription.
Astaro’s Intrusion Protection application scans inbound network traffic and uses pattern recognition technology and anomaly detection to identify over 3,000 types of probes and attacks.
Extensive Detection Rules
Astaro’s Intrusion Protection utilizes a database of over 3,000 rules to detect patterns indicating:
- Hostile probing, port scans, back-door probes, illegitimate interrogations, and host sweeps.
- Exploitation of weaknesses in DNS, FTP, ICMP, IMAP, POP3, RPC, SNMP, X11 and other network protocols.
- Application attacks exploiting vulnerabilities in home-grown software and popular applications such as IIS, Oracle, MySQL server, and FrontPage.
- Activities relating to messaging, chat traffic, and Peer-2-Peer (P2P) networking.
Anomaly Detection
“Zero-day attacks” are malicious threats that attack networks before signatures have been developed. To protect against them, Astaro’s Intrusion Protection learns typical network traffic patterns via statistical and heuristic analysis. It then alerts administrators when it detects anomalies that may indicate attacks, such as new network services or previously unseen hosts.
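To make the baseline-and-deviate idea concrete, here is an added illustration (not Astaro’s code) of the two anomaly classes the text names, new services and previously unseen hosts: a baseline of hosts and per-host services is learned from a training window of constructed flow records, and later flows are flagged when they fall outside it. A production sensor also weighs statistical deviations such as traffic rates and volumes, which this sketch leaves out.

```python
# Added example: minimal host/service baseline anomaly detection.
# Flow records are constructed for this illustration: (src_ip, dst_ip, dst_port, proto).
from collections import defaultdict

# Training window: what the network "normally" looks like.
BASELINE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 25, "tcp"),   # mail clients -> mail server
    ("10.0.0.6", "10.0.0.20", 25, "tcp"),
    ("10.0.0.5", "10.0.0.30", 80, "tcp"),   # web server
    ("10.0.0.7", "10.0.0.31", 53, "udp"),   # DNS resolver
]

# Later traffic to evaluate against the baseline.
NEW_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 25, "tcp"),    # known host, known service: normal
    ("10.0.0.5", "10.0.0.20", 3306, "tcp"),  # known host, service never seen on it
    ("10.0.0.9", "10.0.0.30", 80, "tcp"),    # previously unseen source host
    ("10.0.0.7", "10.0.0.99", 22, "tcp"),    # previously unseen destination host
]


def learn_baseline(flows):
    """Return (known_hosts, services): services maps dst_ip -> set of (port, proto)."""
    hosts = set()
    services = defaultdict(set)
    for src, dst, port, proto in flows:
        hosts.update((src, dst))
        services[dst].add((port, proto))
    return hosts, dict(services)


def detect_anomalies(flows, hosts, services):
    """Return a list of (reason, flow) alerts; flows inside the baseline yield nothing."""
    alerts = []
    for flow in flows:
        src, dst, port, proto = flow
        for host in (src, dst):
            if host not in hosts:
                alerts.append(("previously unseen host %s" % host, flow))
        # Only judge the service if the destination host itself is known;
        # an unknown host has already been reported above.
        if dst in hosts and (port, proto) not in services.get(dst, set()):
            alerts.append(("new service %s/%d on %s" % (proto, port, dst), flow))
    return alerts


if __name__ == "__main__":
    known_hosts, known_services = learn_baseline(BASELINE_FLOWS)
    for reason, flow in detect_anomalies(NEW_FLOWS, known_hosts, known_services):
        print("ALERT: %s  flow=%s" % (reason, flow))
```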
Intrusion Detection and Prevention
Astaro’s Intrusion Protection application can notify administrators about suspicious behavior (intrusion detection) and work with the firewall to immediately block incoming traffic associated with intrusions (intrusion prevention).
New threat patterns are installed frequently through the Astaro Up2Date service. Astaro utilizes new threat patterns from the Snort project and from Sourcefire, the leading Open Source and commercial sources of intrusion patterns.
Performance and Control
Because intrusion protection is in-line with the firewall, all Internet and VPN traffic is inspected, and there are no delays as traffic is routed to a separate sensor. Rule changes are applied immediately, without any need to reboot the firewall or change network configurations.
The administrator can also tailor intrusion testing to each network by:
- Enabling or disabling any of the over 3,000 rules.
- Customizing existing rules and creating new ones.
- Performing tests only where they are needed (for example, e-mail-related tests only on traffic to e-mail servers).
Selected Classes of Intrusion Detection Rules
Probes and Attacks:
- Backdoor software
- Denial of service
- Distributed denial of service
- Network scanning
- Unwanted traffic
Applications and Services:
- Messaging and chat
- MySQL Server database
- Oracle database
- CGI scripts
- P2P networks (Napster, Kazaa)
- Coldfusion
- FrontPage
- Microsoft IIS
- Multimedia streaming software
Protocols:
DNS, FTP, ICMP, IMAP, NetBIOS, NNTP, P2P, POP2, POP3, RPC, SMTP, SQL, TFTP, X11.