Enterasys Dragon® Host Sensor and Web Server Intrusion Prevention DSHSS7-WEBIPS Brochure
Product codes
DSHSS7-WEBIPS
Page 1 of 2 • Data Sheet
• Web Server Intrusion
Prevention
— Averts attacks on the
most widely used web
servers: Microsoft™ IIS
and Apache
• File attributes monitoring
— Monitors file attributes
such as owner, group
• File integrity checking
— Determines if content has
been changed via MD5
hash
• Log file analysis
— Analyzes files or directories
against signature policy
• Windows event log analysis
— Monitors Windows event
logs for misuse or attack
• Windows registry analysis
— Analyzes Windows
registry for attributes that
should not be accessed
and/or modified
• TCP/UDP service detection
— Monitors for opened TCP
and UDP ports, for
protection against
backdoor services
• Kernel monitoring
— Detects suspicious
privilege escalations and
other signs of kernel-level
compromise
• Custom module interface
— Provides an open and
easy interface for custom
module development
• Customizable through
Microsoft’s .Net Framework
— Custom modules can
extend functionality using
Microsoft’s .Net
Dragon® Host Sensor and Web Server
Intrusion Prevention
• Host-based intrusion defense via a modular, flexible architecture for
today’s most common operating systems
• Protects at the host, database and application levels by monitoring the
operating system and crucial databases and applications
• Highly effective for meeting regulatory compliance through extensive
log analysis
• Application Intrusion Prevention module averts attacks on the most
commonly targeted web servers
Scalable, Flexible Host-Based
Intrusion Defense
A host-based intrusion defense tool, Dragon
Host Sensor prevents web attacks and
monitors individual systems running today’s
most common operating systems for
evidence of malicious or suspicious activity
in real time.
Dragon Host Sensor may be deployed on a
protected host where it uses a variety of
techniques to detect attacks and misuse on
the system, including analyzing the security
event log, checking the integrity of critical
configuration files, or checking for kernel-
level compromises. This hybrid approach
is very effective at meeting the current regulatory
compliance requirements mandated by HIPAA,
Sarbanes-Oxley, etc.
Dragon Host Sensor may also be deployed
on a dedicated analysis system where logs
are forwarded and analyzed from most
commercial firewalls, routers, switches
and other IDS devices. Correlating events
from these devices and from Dragon
Network and Host Sensors is critical in
identifying which events are the most
serious, as well as understanding their origin
and impact.
The new Dragon Host Sensor Web
Intrusion Prevention System module
averts attacks on web servers running
Microsoft IIS and Apache. The WebIPS
module works in conjunction with the Host
IDS Sensor application to provide maximum
protection while operating with minimal
overhead on the system. The WebIPS
provides threat prevention for a large array
of attacks and can terminate individual
malicious sessions.
Dragon Host Sensor 7 now supports custom
module development using Microsoft’s
.NET Framework. This allows users to
leverage the power and flexibility of the
.NET framework to customize Dragon’s
functionality to meet their needs.
Dragon Host Sensor deploys advanced
techniques in identifying root-kits and
buffer overflows via its kernel-monitoring
module. This module traps and analyzes
all calls into the kernel and can identify
the existence of any kernel-level root-kit,
an absolute requirement in identifying
compromised systems before an attacker
completely covers their tracks. It can also
identify anomalous privilege escalations
resulting from successful buffer overflows.
Dragon’s kernel monitoring capabilities
are essential to protecting the kernel from
known or unknown attacks.
Centrally managed via Dragon Enterprise
Management Server for signature and
configuration updates, Dragon Host Sensor
also reports all information—including
event description, source/destination IP,
source/destination port, raw log (if applicable)
and timestamp—to the Dragon
Reporting functionality within Dragon
Management Server for real-time alerting,
forensic and trend analysis, as well as
executive reporting.