
Network Security and Intrusion / Malware Detection

Overview

Keeping the network secure is as important as keeping it fully functional. The traditional approach of relying on a single security appliance at the gateway is not sufficient: threats can emanate from inside the network as much as they come from the Internet.

A functional and up-to-date Intrusion Detection and Prevention System (IDS/IPS) is an integral part of a secure network, in addition to anti-malware software. An IDS/IPS inspects all the traffic passing through the network in real time and matches it against pre-defined signatures to generate alerts and/or block malicious activity originating from outside or inside the network.

A SIEM (Security Information and Event Management) system collects the logs generated by various components such as firewalls, servers, IDS/IPS, network access controllers and DHCP servers to provide a holistic view of the security situation of the network.
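To make the two preceding paragraphs concrete, here is an added example (not code from the original page or from any particular IDS or SIEM product) of what signature matching and SIEM-style correlation look like in miniature. It runs hypothetical IDS rules over constructed flow records, adds a threshold rule for repeated inbound connections, then correlates the resulting alerts with constructed firewall log lines and a DHCP lease table to decide whether an offending address should be blocked at the gateway or isolated inside the network. All addresses, hostnames, rule names and the 10.0.0.0/8 internal range are assumptions for the example.

```python
"""Toy signature-based IDS matching plus SIEM-style correlation.
Added example over constructed sample data; not from the original page."""
import re
from collections import defaultdict

# Constructed flow records (source, destination, destination port, payload
# excerpt). Sample values only, not captured traffic.
FLOWS = [
    {"src": "10.0.5.21", "dst": "192.0.2.10", "dport": 80, "payload": "GET /index.html HTTP/1.1"},
    {"src": "10.0.5.21", "dst": "192.0.2.10", "dport": 80, "payload": "GET /item?id=1' OR '1'='1 HTTP/1.1"},
    {"src": "10.0.5.44", "dst": "198.51.100.7", "dport": 4444, "payload": "hello-from-host"},
    {"src": "203.0.113.9", "dst": "10.0.1.5", "dport": 22, "payload": "SSH-2.0-OpenSSH_8.9"},
    {"src": "203.0.113.9", "dst": "10.0.1.5", "dport": 22, "payload": "SSH-2.0-OpenSSH_8.9"},
    {"src": "203.0.113.9", "dst": "10.0.1.5", "dport": 22, "payload": "SSH-2.0-OpenSSH_8.9"},
    {"src": "203.0.113.9", "dst": "10.0.1.5", "dport": 22, "payload": "SSH-2.0-OpenSSH_8.9"},
]

INTERNAL = ("10.",)  # assumption: the local network is 10.0.0.0/8

# Hypothetical signatures in the spirit of IDS rules: a name, an optional
# destination port, and a regex applied to the payload excerpt.
SIGNATURES = [
    {"name": "SQL injection pattern in HTTP query", "dport": 80,
     "pattern": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.I)},
    {"name": "Outbound connection to a port on the CnC watch list", "dport": 4444,
     "pattern": re.compile(r".*")},
]

# Threshold rule: this many inbound connections from one external source to
# one internal host and port within a batch raises an alert (constructed limit).
REPEAT_LIMIT = 3

def direction(flow):
    """'outbound' if the source is inside the local network, else 'inbound'."""
    return "outbound" if flow["src"].startswith(INTERNAL) else "inbound"

def match_signatures(flows, signatures=SIGNATURES):
    """Return one alert per flow/signature match plus threshold-based alerts."""
    alerts = []
    for f in flows:
        for sig in signatures:
            if sig["dport"] is not None and f["dport"] != sig["dport"]:
                continue
            if sig["pattern"].search(f["payload"]):
                alerts.append({"rule": sig["name"], "src": f["src"],
                               "dst": f["dst"], "direction": direction(f)})
    # Count inbound (src, dst, port) triples for the threshold rule.
    counts = defaultdict(int)
    for f in flows:
        if direction(f) == "inbound":
            counts[(f["src"], f["dst"], f["dport"])] += 1
    for (src, dst, dport), n in counts.items():
        if n >= REPEAT_LIMIT:
            alerts.append({"rule": f"Repeated inbound connections to port {dport}",
                           "src": src, "dst": dst, "direction": "inbound"})
    return alerts

# Constructed DHCP lease table and firewall log lines a SIEM would also ingest.
DHCP_LEASES = {"10.0.5.21": "lab-pc-21", "10.0.5.44": "lab-pc-44"}
FIREWALL_LOG = [
    "DENY src=203.0.113.9 dst=10.0.1.5 dport=23",
    "DENY src=203.0.113.9 dst=10.0.1.5 dport=3389",
]
FW_RE = re.compile(r"DENY src=(\S+) dst=(\S+) dport=(\d+)")

def correlate(alerts, firewall_log=FIREWALL_LOG, leases=DHCP_LEASES):
    """Group IDS alerts and firewall denies per offending address, resolve
    internal addresses to hostnames via DHCP, and pick a response."""
    view = defaultdict(lambda: {"host": None, "events": [], "action": None})
    for a in alerts:
        view[a["src"]]["events"].append(a["rule"])
    for line in firewall_log:
        m = FW_RE.match(line)
        if m:
            view[m.group(1)]["events"].append(f"firewall deny to port {m.group(3)}")
    for ip, entry in view.items():
        entry["host"] = leases.get(ip)
        # Internal offenders are isolated and their users notified; external
        # ones are blocked at the gateway, matching the page's two responses.
        entry["action"] = ("isolate host and notify user/admin"
                           if ip.startswith(INTERNAL) else "block at gateway")
    return dict(view)

if __name__ == "__main__":
    for ip, entry in correlate(match_signatures(FLOWS)).items():
        print(ip, entry["host"], entry["action"], entry["events"])
```

The point of the second half is that no single source tells the whole story: the IDS sees the repeated SSH connections, the firewall sees the denied attempts on other ports, and only the DHCP lease table turns an internal address into a machine an administrator can find. A real SIEM does the same joins at scale and with time windows, but the logic is the same.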

Common Problems

  • There are infected machines in the network generating huge amounts of traffic that affect the whole network. This can happen silently, without any outward symptoms, until it begins to affect users in a negative way.

  • There are Trojans installed on machines which spread through the network, or which are part of a bigger attack and are just waiting for a trigger from a “Command and Control” (CnC) server on the Internet.

  • You are not even aware that a lot of intrusion or Denial-of-Service (DoS) attacks are happening on your network, eating up the system resources of your gateway firewall.

  • Students could be trying to learn about security by attacking servers inside the college network (or on the Internet).

  • Unauthorised access attempts against servers or computers inside the network go unnoticed.

Benefits

  • Visibility into malicious activity present in the network, whether it originates from the Internet or from within the local network.

  • Automatic blocking of Internet hosts that generate such activity.

  • Automatic isolation of hosts generating malicious traffic from within the network, with the affected users and the administrators notified.

  • Various vulnerabilities are highlighted on the SIEM which, when fixed in time, save the network from catastrophic downtime.

  • The possibility of machines inside the network becoming involved in large-scale attacks on the Internet is minimised to a great extent.