The Intrusion Detection app is the cornerstone of security for a network of any size. The app uses the highly regarded Snort engine to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. The app can help identify, log and stop (using the IPS plugin) external attack vectors targeting the network (fingerprinting, buffer overflows, brute-force authentication, etc.). The app contains over 1000 known attack vector signatures, with another 8000+ signatures available (with continuous updates) via the IDS update subscription from ClearCenter (app available in the Marketplace).
Documentation for this app can be found here.
Users who installed this app also installed the following apps.
The Intrusion Prevention app is a plugin to the Intrusion Detection system. The service dynamically creates firewall rules (iptables) to block IP packets if a packet stream matches a known attack signature. Signatures are provided by the Intrusion Detection app, which contains over 1000 known attack vectors. An additional 8,000-10,000 signatures are available (and continually updated) via the IDS update subscription from ClearCenter (app available in the Marketplace).
Intrusion Protection Updates
Intrusion Protection takes an active role at the edge of your network. It detects attempts to gain access to your system by known exploits and then proactively firewalls your server from the perpetrator. Having additional attack vector signatures in addition to continual updates is essential in deploying a security perimeter for your network. The Intrusion Protection Signatures and Updates app provides over 12,000 additional signatures and continual weekly updates.
ClearCenter Remote Security Audit
Remote Security Audit is a service for system administrators to limit the damage potential of corrupted or tampered system files. Reviewed on a regular basis, the audit can quickly notify an admin so damage control measures can be taken in a timely manner. The audit notification (sent from ClearCenter's SDN cloud service) is essentially tamperproof against a malicious attacker covering up the intrusion, because a unique audit hash is created, stored in the cloud, and compared against the results of subsequent audits.
Other Apps and Services by Developer
The PPTP VPN app is a server-side implementation of the PPTP protocol. It is primarily used for client-server VPN tunnels (as opposed to server-server). The main advantages of this protocol are ease of use and low cost, as the client-side software is built into all Windows OS, in addition to free clients for Mac and Linux distributions. Along with the advantages, it should be stated that the PPTP protocol is the weakest in security of all the main VPN protocols (IPSec, OpenVPN, L2TP). The protocol splits traffic into control and data streams, and passes all control packets across the network without any encryption. The result is that PPTP is vulnerable to attack or hijacking, and known security breaches using this protocol have been demonstrated.
The Shell Extension is an account-manager extension that allows an administrator to assign shell access (and type) to user accounts via the user manager app. Giving users shell access to the server is not typically recommended unless the user has a role in administering the server or services (e.g. Apache web server) that reside on it. Another typical use case that can enhance security is to disable root logins, forcing users with privileged shell access to log in by username.
The OpenVPN app is a server-side implementation of the OpenVPN protocol. The protocol's versatility makes it ideal for either client-to-server or server-to-server VPN tunnels using TCP or UDP.
ABOUT THIS APP
July 31, 2012
INTRODUCED TO MARKETPLACE:
July 13, 2012