Intrusion Detection System
An intrusion detection system (IDS) generally detects unwanted manipulation of web applications, mainly via the Internet. These manipulations may take the form of attacks by hackers.
It consists of sensors, which generate security events; a console, which monitors events and alerts and controls the sensors; and a central engine, which records the events logged by the sensors in a database and uses a system of rules to generate alerts from the security events it receives.
An intrusion detection system is used to detect many types of malicious network traffic and computer usage that can't be detected by a conventional firewall. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware.
- Configure IDS for basic functioning
- Create policies based on organizational requirements
- Alerts and reporting for intrusions blocked
- Management of IDS - patches, updates and optimization of rules.
- Logs available for forensics.
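The sensor, engine and console flow described above can be sketched as follows. This is an added example, not code from any IDS product: the event fields, rule names, thresholds and sample events are all constructed for illustration.

```python
import sqlite3

# Constructed sensor events (sensor, time, kind, source, detail); not real log data.
SAMPLE_EVENTS = [
    ("host-sensor", "2024-05-01T10:00:01", "login_failed", "198.51.100.7", "admin"),
    ("host-sensor", "2024-05-01T10:00:03", "login_failed", "198.51.100.7", "admin"),
    ("host-sensor", "2024-05-01T10:00:05", "login_failed", "198.51.100.7", "root"),
    ("host-sensor", "2024-05-01T10:02:00", "login_failed", "192.0.2.10", "alice"),
    ("host-sensor", "2024-05-01T10:02:09", "login_ok", "192.0.2.10", "alice"),
    ("file-sensor", "2024-05-01T10:05:00", "file_read", "192.0.2.10", "/etc/shadow"),
    ("file-sensor", "2024-05-01T10:06:00", "file_read", "192.0.2.10", "/var/www/index.html"),
]

# Hypothetical rule set: each rule is a name plus a query returning (source, evidence).
RULES = {
    "repeated-failed-logins": """
        SELECT source, COUNT(*) || ' failed logins' FROM events
        WHERE kind = 'login_failed' GROUP BY source HAVING COUNT(*) >= 3""",
    "sensitive-file-access": """
        SELECT source, detail FROM events
        WHERE kind = 'file_read' AND detail IN ('/etc/shadow', '/etc/sudoers')""",
}

class Engine:
    """Central engine: stores sensor events, applies rules, stores alerts."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE events (sensor, ts, kind, source, detail)")
        self.db.execute("CREATE TABLE alerts (rule, source, evidence)")

    def record(self, event):
        # Parameterized insert: sensor-supplied fields are never spliced into SQL.
        self.db.execute("INSERT INTO events VALUES (?, ?, ?, ?, ?)", event)

    def evaluate(self):
        self.db.execute("DELETE FROM alerts")  # rebuild alerts from stored events
        for name, query in sorted(RULES.items()):
            for source, evidence in self.db.execute(query).fetchall():
                self.db.execute("INSERT INTO alerts VALUES (?, ?, ?)", (name, source, evidence))
        return self.db.execute(
            "SELECT rule, source, evidence FROM alerts ORDER BY rowid").fetchall()

def run_demo():
    engine = Engine()
    for event in SAMPLE_EVENTS:
        engine.record(event)
    return engine.evaluate()  # the alert list a console would display

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Because every event stays in the `events` table, the same database that drives alerting is also the log source for later forensic queries.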
Intrusion Prevention System
An intrusion prevention system (IPS) is a computer security device that exercises access control to protect computers from exploitation. Intrusion prevention technology is considered by some to be an extension of intrusion detection system (IDS) technology, but it is actually another form of access control, like an application-layer firewall. The latest next-generation firewalls leverage their existing deep packet inspection engine by sharing this functionality with an intrusion prevention system. Prevention occurs in real time.
- Setting up and management of the intrusion detection and monitoring system.
- Weekly reporting on malicious and abnormal activity following the standard benchmarks: HIPAA, PCI, SOX Act, W3C and OWASP.
- Action taken on high security/load alerts.
- Monthly detailed discussion on proactive steps to prevent intrusions, load, and policy violations based on the logs.
- Forensic activity if required using the IPS.
- Prevention/monitoring of data transfer through web servers.
- Prevents attacks in real time.
Health Insurance Portability and Accountability Act (HIPAA) : This regulation affects those in healthcare who exchange patient information electronically. HIPAA regulations were established to protect the integrity and security of health information, including protecting against unauthorized use or disclosure of the information.
Payment Card Industry Data Security Standard (PCI) : A standard that enables payment service providers and merchants to track and report on all access to their network resources and cardholder data through system activity logs. The presence of logs in a networked environment allows thorough forensic analysis when something does go wrong. Without system activity logs, it would be difficult to determine the cause of a compromise.
Sarbanes-Oxley : Logs form the basis of the internal controls that provide corporations with the assurance that financial and business information is factual and accurate.
W3 Consortium : The World Wide Web Consortium (W3C) develops interoperable technologies (specifications, guidelines, software, and tools) to lead the web to its full potential. W3C is a forum for information, communication, and collective understanding.
OWASP : The Open Web Application Security Project is a worldwide free and open community focused on improving the security of application software. The aim is to make application security visible, so that people and organizations can make informed decisions about application security risks.