Enter the dragon: Enterasys intrusion detection

Johannesburg, 16 Oct 2001
Read time 1min 50sec

Enterasys Networks has released an intrusion detection system designed to meet the challenges faced by a modern network.

Dubbed the Dragon IDS, it provides high speed sensors to detect suspicious activity, forensic data to determine the impact of network attacks and the scalability to deploy and manage large numbers of sensors without negatively impacting the operation of large networks.

Martin May, regional director of Enterasys Networks (sub-Saharan Africa), says the Dragon IDS draws from three types of detected suspicious activity: "First, Enterasys Networks maintains an extremely large database of known hacker techniques. These techniques have corresponding `signatures` that are programmed into the Dragon network and host agents."

He says examples of hacker techniques include denial of service attacks and buffer overflows.

"Second, Dragon network and host agents are programmed to search for anomalies that are likely hacker attacks. These anomalies are less exact than a perfect match of a hacker technique, but are still highly effective for detection of port scans, distributed network probes, new forms of buffer overflows and denial of service attacks," he continues.

"And thirdly, all Dragon agents can detect security policy deviations. These policy deviations include detection of unauthorised network services, applications running on unusual ports and logs from network sessions denied by firewalls."

May says that besides categorising security events into three types of suspicious activity, the Dragon IDS also draws these events from three types of security technologies: network IDS, host IDS and firewalls.

The Dragon Sensor is used to monitor network packets for evidence of hacker and malicious employee activity. The Dragon Squire is used to monitor system logs and firewall logs. The Dragon Squire product can process logs from many major firewalls such as Raptor, NetScreen and Checkpoint.

All events detected by the Dragon Sensor and Squire are reported to the Dragon Server for analysis and correlation.

Editorial contacts
Howard Mellet Communications Lynette Lambert (011) 463 4611
Extreme Networks Martin May (011) 646 3323
See also