Professional Services » Intrusion Detection

Since the introduction of the internet, networked computers are more open to attack than ever before. A properly configured firewall is a first step towards a secured network environment. An important aspect of enhanced network security is an Intrusion Detection System (IDS). However, there is no use in implementing an IDS without a firewall, just as there is no use in installing a burglar alarm without locking the doors first.

Intrusion detection is an intelligent technique used to monitor and possibly prevent unauthorized access to your network environment and computer systems, log the attempted attack, and help trace the attack's origin. The IDS differs from a firewall in that it will try to distinguish authorized access from unauthorized access based on a pattern database. Linugen has divided its IDS services into three categories:

Host-based Intrusion Detection

Host-based Intrusion Detection works by auditing system events and logs and taking appropriate action. Host-based IDS's are in general simpler to configure and maintain than Network-based Intrusion Detection Systems. Another advantage of Host-based IDS's is that they do not have to reside directly on the network; they can analyze data from the firewall or other networked servers.

Network-based Intrusion Detection

Network-based IDS's work on network packets rather than system audit trails. This allows them to interact in real time with the network traffic and allow or deny certain packets based on the header of the data packet. Network-based Intrusion Detection Systems are based on the 'wire tap' concept and will apply pre-defined rule sets or 'attack signatures' to the captured traffic.

Enhanced Kernel Security

Enhanced Kernel Security is a set of Linux kernel patches recommended for high-security servers. These kernel modifications strengthen Linux security by protecting files and processes and offering fine-grained Access Control Lists (ACL). On top of that, Enhanced Kernel Security offers kernel-integrated port scanning and alerting.

Implementing an IDS alone is not enough; it is equally important to properly analyze the IDS data. Also, IDS's are never 100% flawless, because their effectiveness is based on the pattern database. Linugen's Consultants are trained to work with our IDS services and can assist you where necessary.

Read more about Intrusion Detection: Open source mounts IDS challenge
Network Security Library: Intrusion Detection - Challenges and Myths
SANS Institute: Intrusion Detection FAQ