Network Intrusion Detection Systems

Any comprehensive network and computer security plan includes a network-based, as opposed to computer-system based, intrusion detection system.


The NIDSensor device runs Snort®, the de facto standard for intrusion detection/prevention.

Enhance network and computer security with this dedicated, small, innocuous and powerful NIDS device. The unit is preconfigured for easy and rapid deployment.

The NIDS monitors and analyses all passing network traffic. Should it detect suspicious traffic, it generates an alert and logs the traffic data for further investigation.

Every packet the sensor captures is decoded, preprocessed to find packet and traffic anomalies, and then compared against a large database of rules. Depending on the sensor configuration and your choice of rule source, the database can contain several thousand rules. You can also write your own rules or modify existing ones. Several rule sets (e.g. Snort, Bleeding Edge Threats) are available on a subscription basis.

The sensor is primarily intended to supplement and further expand an existing Network Intrusion Detection Infrastructure (NIDI). However, it can also be configured to operate as a standalone device. The sensor can be deployed in small home and office networks as well as in large enterprise network environments.

When the sensor is integrated into a NIDI, its configuration and rule updates can be managed with a central policy manager such as the Activeworx IDS Policy Manager. Alerts and logged traffic data can be sent to a central reporting and analysis tool such as BASE (Basic Analysis and Security Engine) (see sample report below).

In standalone mode, the sensor can be configured to update the default Snort rule set automatically. Alerts and logs can be sent to the local syslog service. The device can be configured remotely on the command line over a secured network connection, or from the serial console.
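Once alerts land in syslog they are plain text lines, so first-pass triage can be scripted. The following is an added example, not the vendor's or Snort's own code: it assumes the line layout Snort's alert_syslog output produces and parses a constructed sample into structured records, coping with alerts that carry no classification and with ICMP alerts that carry no ports.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample of the sensor's alert_syslog output as received by the local
# syslog service (host, PID, SIDs, addresses and messages are made up; the sshd line is noise).
SAMPLE_SYSLOG = """\
Mar  3 10:15:02 nidsensor snort[2211]: [1:1000001:1] LOCAL inbound SSH attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.9:51234 -> 192.0.2.20:22
Mar  3 10:15:07 nidsensor snort[2211]: [1:1000002:2] LOCAL ICMP echo sweep [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.20
Mar  3 10:15:09 nidsensor sshd[901]: Accepted publickey for admin from 192.0.2.5 port 40122 ssh2
Mar  3 10:15:11 nidsensor snort[2211]: [1:1000003:1] LOCAL outbound IRC [Priority: 2] {TCP} 192.0.2.20:40001 -> 203.0.113.44:6667
"""

# Line shape: [gid:sid:rev] msg [Classification: ...] [Priority: n] {PROTO} src[:sport] -> dst[:dport]
# The classification is absent for rules without a classtype, and ICMP alerts carry no ports.
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>[A-Z]+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
INT_FIELDS = ("gid", "sid", "rev", "prio", "sport", "dport")

def parse_alert(line: str) -> Optional[Dict]:
    """Return the alert's fields for a Snort syslog line, or None for any other line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in INT_FIELDS:          # numeric groups stay None when absent (ICMP ports)
        if fields[key] is not None:
            fields[key] = int(fields[key])
    return fields

def parse_syslog(text: str) -> List[Dict]:
    """Extract every Snort alert from a chunk of syslog text, skipping other daemons."""
    return [a for a in map(parse_alert, text.splitlines()) if a is not None]

def triage(alerts: List[Dict], max_priority: int = 1) -> List[Dict]:
    """Alerts at or above a severity; Snort priority 1 is the most severe."""
    return [a for a in alerts if a["prio"] <= max_priority]

def noisiest_sources(alerts: List[Dict], n: int = 3) -> List[Tuple[str, int]]:
    """Source addresses behind the most alerts, to pick which logged traffic to review first."""
    return Counter(a["src"] for a in alerts).most_common(n)

if __name__ == "__main__":
    found = parse_syslog(SAMPLE_SYSLOG)
    print(triage(found), noisiest_sources(found))
```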

The device features three network interfaces. One of them can be set aside and configured as the management interface. The device can monitor traffic in “stealth” mode.