| |
Qbik's NetPatrol takes on the hackers
Hack attempts and other attacks from the Internet are becoming increasingly
complex and better-concealed. As a result many common firewall solutions are
simply not sophisticated enough to detect them. Realising the need for a
packet-level network traffic monitoring system that can detect these
types of malicious activities, Qbik embarked on a development effort to provide
a tool for network administrators aimed at just this need. Qbik is now proud to
provide its solution - called NetPatrol.
Intrusion detection system
From the experience gained with WinGate - Qbik's comprehensive proxy server
solution, Qbik realised that a logical and necessary complement would be an
intrusion detection system that could monitor, analyse and report on suspicious
network and Internet traffic behaviour to and from the WinGate Internet server.
Currently NetPatrol operates as a stand alone monitoring system, providing
relevant traffic information, and raising alerts about suspected network
intrusions or attacks.
Monitor a single machine or an entire network
NetPatrol can be set to monitor all network connections on the machine on which
it is installed, and provide a detailed report on network data that is addressed
to those interfaces. Or it can be set to "promiscuous mode" where it will
monitor all network traffic on all the ethernet segments that the NetPatrol
machine is connected to.
With a "danger level" monitor, NetPatrol will attempt to gauge the behaviour and
severity of the data activity, and respond accordingly. It can be configured to
handle certain types of network behaviours based on a set of rules that
administrators are able to configure depending on their security reporting
requirements.
Scalable Modular system
NetPatrol is built on top of installable modules, with certain tasks assigned to
each. Because of this, NetPatrol can be used as a distributed IDS system,
allowing for higher performance and better ratio of handled/lost packets on
highly-loaded networks.
Session reconstruction and investigation tools
All IP Traffic can be logged and sessions reconstructed. A graph of attacks
level indicates current threat level. From the main display, Source or
Destination computers can be investigated.
Port Monitor tool allows you to see what your applications are doing
Also included is the Qbik PortList tool, allowing easy real-time monitoring
of all connections to and from the local machine and the processes responsible.
Connections and processes can be easily terminated from the main screen. Even
system services can be terminated.
|
