Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Safe and Sound

The SecureNet sensors, positioned in the first tier, inspect network traffic and store events based on signature policies on the sensor. These Red Hat Linux hardened devices use a Linux CLI (command-line interface) and the SecureNet sensor packet-inspection engine. SecureNet sensors can forward their intrusion-event data to the Tier 2-positioned SecureNet Provider Manager, a Microsoft Windows 2000 server application that makes extensive use of SQL2000 data-mining tools. The manager application inserts records into a relational database for later analysis and can filter data before sending it to the client's real-time monitoring module. The interface to the entire system is in Tier 3 of the SecureNet Provider client and its associated tools (see diagram).

How SecureNet Works
click to enlarge

Intrusion shipped beta versions of its products--SecureNet Provider 2.1, SecureNet WBI (Web-based interface) 1.4 and SecureNet Sensor 4.5--to Network Computing's Real-World Labs® at Syracuse University. An Intrusion engineer spent about three hours configuring the equipment--a service available to all customers. The engineer removed triggers for erroneous NNTP and SMTP events particular to our network; performance-tuned the SQL data-transformation service-replication frequency; and gave me a quick overview of the manager's and client's features.

The SecureNet 7145 sensor was connected to a gigabit fiber link from a NetOptics passive regeneration tap, mirroring the university's OC-3 Internet link, which averages 225 Mbps (60,000 packets per second). The Intrusion engineer connected the sensor to the SecureNet Provider Manager 7345 server via crossover cable and loaded the manager software and signatures.

Powerful Functionality

I gave the sensor 48 hours to get familiar with our network traffic. It populated the various SQL databases with the IDS events, giving me some historical data to work with. I started my tests in Tier 1 using only the sensor features. Linux-savvy administrators will feel very comfortable with the CLI available via SSH (Secure Shell) or serial console to gain an unlimited amount of information from standard Linux commands. The new Web interface is another option.

  • 1