RealSecure 3.0
Editor Jonathan Cragle's pick for security management is Internet Security Systems' RealSecure 3.0 for 24 x 7 network security.
May 14, 1999
Wouldn't you love to have assistants who tracked security notices, recommended fixes, enforced policies, contacted you during security breaches, and reported what they'd done to correct problems? Internet Security Systems' (ISS's) RealSecure 3.0 is an assistant that guards your network 24 x 7.
RealSecure is a member of the SAFEsuite family, which also includes Database Scanner 2.0, Internet Scanner 5.6.2, and System Scanner. Using these products individually provides an important single layer of security for your network; using them together provides multiple layers of armor.
RealSecure can't eliminate your security problems, but it helps you manage them. The easy-to-use console and reports let you focus on fixing security issues rather than trying to track them down. Although you must configure the console and fix certain problems yourself, you'll spend less time than if you had to find all the problems yourself.
The product is an automated, realtime intrusion-detection and response system for your computer networks. The around-the-clock surveillance the software provides lets you automatically detect and respond to security breaches, even when you aren't near your console. Many security products limit their focus to break-ins from outside the firewall, but RealSecure protects your network from planned or accidental internal and external attacks that typically shut down your equipment.
RealSecure is the first intrusion-detection product to integrate network-based and host-based intrusion detection into one system. This integration gives an administrator two complementary views of network activity. Whereas a network-based intrusion-detection system can tell you about a break-in attempt as it occurs, a host-based detector tells you whether the break-in attempt succeeded or failed. The combination of both systems prevents attacks from succeeding easily.
The software has three components: RealSecure Engine, RealSecure Agent, and RealSecure Manager. The RealSecure Engine runs on a dedicated host and watches all network packet traffic for attack signatures, unmistakable identifiers that signal an attack is underway. This component can monitor traffic substantially faster than an administrator. The RealSecure Agent is a host-based complement to the RealSecure Engine: it analyzes host logs to recognize attacks, determines whether an attack was successful, and provides other information that isn't available in realtime.
The RealSecure Agent can automatically reconfigure the RealSecure Engine and selected firewalls to prevent future encroachments. The RealSecure Engine and Agent components report to the RealSecure Manager. This component reports crucial information in an easy-to-read format.
RealSecure 3.0 has several new features, including a system agent that monitors Windows NT log files (i.e., system, security, and application files) and compares new log-file entries to a database of signatures to find patterns and deviations in activity that indicate malicious intent.
When the system agent detects unauthorized or malicious activity, it responds by logging a summary of the event, sending an email message to the administrator, sending Simple Network Management Protocol (SNMP) traps, sending alarms to the RealSecure Manager, terminating a user process, suspending a user account, or performing a user-specified action. The administrator selects and customizes these choices to control the action the system agent takes.
A common ploy of intruders is to search an IP address space for services such as a Web server or FTP server and try to attack them. RealSecure has monitors for suspicious connections and listens on a server's unused ports for connection attempts to nonexistent services. These monitors can generate an alarm or reply with a customized text banner when the software suspects a malicious attack.
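The unused-port monitoring described above can be sketched as follows. This is an added example, not ISS code and not how RealSecure is implemented; the class name `UnusedPortMonitor`, the alarm fields, the port numbers and the banner text are all assumptions, and the listener binds to loopback by default.

```python
import selectors
import socket
import time

class UnusedPortMonitor:
    """Listen on ports that host no real service; every connection is an alarm."""

    def __init__(self, ports, host="127.0.0.1", banner=b""):
        self.banner = banner
        self._listeners = []
        self._sel = selectors.DefaultSelector()
        for port in ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.bind((host, port))          # port 0 lets the OS pick a free port
            srv.listen(16)
            srv.setblocking(False)
            self._sel.register(srv, selectors.EVENT_READ)
            self._listeners.append(srv)

    def bound_ports(self):
        return [srv.getsockname()[1] for srv in self._listeners]

    def poll_once(self, timeout=1.0):
        """Handle pending connection attempts and return one alarm per attempt."""
        raised = []
        for key, _ in self._sel.select(timeout):
            try:
                conn, peer = key.fileobj.accept()
            except OSError:                 # peer vanished before accept()
                continue
            with conn:
                try:
                    conn.sendall(self.banner)   # customized text banner, may be empty
                except OSError:             # reset by peer; still counts as an attempt
                    pass
            raised.append({"time": time.time(), "src_ip": peer[0],
                           "src_port": peer[1], "dst_port": key.fileobj.getsockname()[1]})
        return raised

    def close(self):
        for srv in self._listeners:
            self._sel.unregister(srv)
            srv.close()

if __name__ == "__main__":
    mon = UnusedPortMonitor([2121, 8081], banner=b"Connection logged.\r\n")  # constructed values
    while True:
        for alarm in mon.poll_once():
            print("ALARM", alarm)
```

Because no legitimate client has a reason to connect to these ports, each returned alarm can be forwarded to a console or pager without further filtering.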
The software includes a plug-in module that lets administrators manage RealSecure 3.0 network engines from HP OpenView management systems. Future releases will include support for managing system agents. ISS has added more than 120 intrusion signatures to the software, bringing the total to almost 300.
RealSecure makes systems administrators' jobs easier. The software gathers security information for you 24 x 7 and lets you configure proactive responses to various situations.
RealSecure 3.0
Contact: Internet Security Systems * 678-443-6000
Web: http://www.iss.net