
An intrusion detection system (IDS) is a way to detect intruders: unexpected, unwanted or unauthorized people or programs accessing your computer network. Most companies have firewalls and other security controls to prevent access to their systems, but sometimes hackers slip through them, and once inside can cause all kinds of damage. Firewalls must leave legitimate “holes” to let traffic out, and there are little-known vulnerabilities that can be exploited to reach seemingly secure systems. If a hacker does get into your system, an intrusion detection system will find them and take appropriate action.
It is not just big companies that get hacked; people may try to access your systems for all sorts of reasons: for profit, maliciously, or simply because they can.
Firstserv offer an intrusion detection service to monitor network activity and protect your server against malicious incidents.
Firstserv’s clean IP service will filter your traffic before it hits your server. Note: Your server needs to be hosted at our facility in order to receive this service.
Our service protects against the following:
- Denial of Service attacks (DoS) and Distributed Denial of Service attacks (DDoS)
- Spyware
- Botnets
- Malware
Additionally:
- P2P security
- Monthly reports showing what has been probing and attacking your server
- Identification of the sources of attacks
- Daily updates to threats and vulnerabilities
- DoS & DDoS Protection: Patented algorithms provide comprehensive protection against SYN floods, ICMP floods, UDP floods and application overload attacks.
- Application Rate Limits: Using policy-based rules, traffic rates to applications and servers can be limited according to acceptable application usage.
- Connection Limits: Configurable rules that protect network resources (such as servers and routers) from being overwhelmed by too many connections.
- Client Request Rules: Configurable rules that limit the rate at which individual clients can initiate transactions.
- DShield Updates: DShield is a community-based collaborative log correlation system. Top Layer collects data feeds from the DShield engine and forwards lists of badly-behaving IP addresses to the IPS, which in turn can block any traffic sent to or from these malicious IP addresses. Typically blocked addresses include those used in cross-site scripting, SQL injection attacks, directory traversals, spam, and other botnets and zombies.
- Shunning: Attackers can be identified in a configurable dashboard and blocked en masse with a single mouse click. Any traffic received from these shunned IP addresses can be temporarily or permanently blocked.
- Stateful Inspection: The IPS contains built-in state tables that hold in memory significant attributes of every network connection from start to finish, including the IP addresses and ports involved in the connection and the sequence numbers of the packets traversing it. From these tables the IPS gathers enough context to determine the attack type, the direction of the attack, and the attack frequency.
- ProtectionCluster™: The Top Layer IPS can be deployed in configurations of up to 8 parallel appliances, which is particularly useful when 10 Gbit/s of protection is required or the network is asymmetric. Multiple devices are managed with a centralized IPS Controller software module, which shows real-time data and includes drill-down incident response capabilities.
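The stateful inspection and connection-limit features described above, as an added illustration written for this page (it is not Top Layer's or Firstserv's code): a small Python connection table that tracks client-side TCP handshakes, counts half-open (SYN-only) connections per source, and shuns a source once it exceeds a per-source limit. The packet records and the limit of three half-open connections are constructed for the example.

```python
from collections import defaultdict

HALF_OPEN_LIMIT = 3  # assumed per-source limit; a real IPS exposes this as a policy rule


class ConnectionTable:
    """Minimal stateful table keyed on (src, dst, dport) for client-side TCP packets."""

    def __init__(self, half_open_limit=HALF_OPEN_LIMIT):
        self.half_open_limit = half_open_limit
        self.state = {}                    # key -> "SYN_SENT" | "ESTABLISHED"
        self.half_open = defaultdict(int)  # src -> number of SYN_SENT entries
        self.shunned = set()               # sources whose traffic is blocked

    def process(self, src, dst, dport, flags):
        """Return 'pass', 'drop' or 'shun' for one packet sent by a client."""
        if src in self.shunned:
            return "drop"
        key = (src, dst, dport)
        if "S" in flags and "A" not in flags:  # new SYN: half-open until the ACK arrives
            if self.state.get(key) != "SYN_SENT":
                self.state[key] = "SYN_SENT"
                self.half_open[src] += 1
            if self.half_open[src] > self.half_open_limit:
                self.shunned.add(src)      # too many half-open connections: shun the source
                return "shun"
            return "pass"
        if "A" in flags and self.state.get(key) == "SYN_SENT":  # handshake completes
            self.state[key] = "ESTABLISHED"
            self.half_open[src] -= 1
            return "pass"
        if "F" in flags or "R" in flags:       # teardown: forget the connection
            if self.state.pop(key, None) == "SYN_SENT":
                self.half_open[src] -= 1
            return "pass"
        return "pass" if key in self.state else "drop"  # out-of-state packets are dropped


# Constructed sample: one well-behaved client and one source opening SYN-only connections
SAMPLE_PACKETS = [
    ("203.0.113.5", "198.51.100.10", 443, "S"),
    ("203.0.113.5", "198.51.100.10", 443, "A"),
    ("203.0.113.5", "198.51.100.10", 443, "PA"),
    ("203.0.113.5", "198.51.100.10", 443, "FA"),
    ("192.0.2.77", "198.51.100.10", 80, "S"),
    ("192.0.2.77", "198.51.100.10", 8080, "S"),
    ("192.0.2.77", "198.51.100.10", 443, "S"),
    ("192.0.2.77", "198.51.100.10", 25, "S"),   # fourth half-open connection: shunned
    ("192.0.2.77", "198.51.100.10", 80, "A"),   # late ACK is dropped, source is shunned
]


def run(packets, limit=HALF_OPEN_LIMIT):
    """Process packets in order; return (per-packet verdicts, sorted shunned sources)."""
    table = ConnectionTable(limit)
    return [table.process(*p) for p in packets], sorted(table.shunned)
```

A production IPS would also age out stale SYN_SENT entries and record sequence numbers, which this table omits.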
If you are interested in discussing your options for intrusion detection from Firstserv, please contact our technical sales team.
What is a Denial of Service (DoS) attack?
A Denial of Service attack is designed to render a computer or network incapable of providing normal services. Common DoS attacks target the network bandwidth or server connectivity. Bandwidth attacks flood the network with such a high volume of traffic that all available network resources are consumed and legitimate user requests cannot get through. Connectivity attacks flood a computer with such a high volume of connection requests that all available operating system resources are consumed, and the computer can no longer process legitimate user requests.
What is a Distributed Denial of Service (DDoS) attack?
A Distributed Denial of Service attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator multiplies the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers, which serve as attack platforms. This network is referred to as a botnet. Typically a DDoS master program is installed on one or more computers using a stolen account. At a designated time the master program communicates with any number of "agent" programs installed on computers anywhere on the internet, and the agents, when they receive the command, initiate the attack. In this way the master program can initiate hundreds or even thousands of agent programs within seconds.
How is a DDoS Attack executed against a website?
A website DDoS is executed by flooding one or more of the site's web servers with so many requests that it becomes unavailable for normal use. If an innocent user makes normal page requests during a DDoS attack, the requests may fail completely, or the pages may download so slowly as to make the website unusable.
What is malware?
Malware is simply malicious software: any software designed to access a computer system secretly, without the owner's informed consent.
What is spyware?
Spyware is a type of malware that can be installed on a computer without the user's knowledge and collects personal information about the user. Spyware is known to change computer settings, resulting in slow connection speeds, a different home page, and/or loss of Internet connectivity or of the functionality of other programs.