[914] in Intrusion Detection Systems
No subject found in mail header
daemon@ATHENA.MIT.EDU (Justin J. Lister)
Sun Apr 20 02:26:52 1997
From: ruf@uow.edu.au (Justin J. Lister)
To: ids@uow.edu.au (Intrusion Detection System Mailing List)
Date: Sun, 20 Apr 1997 13:25:47 +1000 (EST)
Reply-To: ids@uow.edu.au
Date: Mon, 7 Apr 97 10:13:34
From: Ziv Dascalu <ziv@AbirNet.com>
Subject: content-based security on protocols like SMTP, POP, HTTP
To: ids@uow.edu.au
X-PRIORITY: 3 (Normal)
X-Mailer: Chameleon 5.0, TCP/IP for Windows, NetManage Inc.
Message-ID: <Chameleon.860397338.ziv@ziv.abirnet.co.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Content-Transfer-Encoding: 8BIT
--- On Sun, 6 Apr 1997 11:25:52 +1000 (EST) "Justin J. Lister" <ruf@uow.edu.au> wrote:
>Message-ID: <33410418.340B@asapnews.com>
>Date: Tue, 01 Apr 1997 15:48:24 +0300
>From: izar tarandach <izar@asapnews.com>
>Organization: ASAP Ltd.
>X-Mailer: Mozilla 4.0b2 (WinNT; I)
>MIME-Version: 1.0
>To: ids@uow.edu.au
>Subject: Content-Based Security
>X-Priority: 3 (Normal)
>References: <m0wBhG1-0005wdC@SPi>
>Content-Transfer-Encoding: 7bit
>Content-Type: text/plain; charset=us-ascii
>
>Hi all. A quick question: has anyone seen products that do
>content-based security in firewalled environments, on protocols like
>SMTP and HTTP?
>Any pointers would be much appreciated.
>
>TIA,
>
>--izar
>--
Yes, there is a product like this. It runs on 95 or NT and monitors the whole system
(it does not have to be a gateway).
Here is some more info:
SessionWall-3(tm)
The Next Generation
of Internet and Intranet Protection
Protecting your Company
When you connect your local or corporate network to the Internet or use Internet
technology within your company, you are faced with two major concerns:
1. sheltering your network against outside intrusion
2. protecting your company from internal abuse
AbirNet provides an effective and economical way to quickly and easily address both
concerns without changing your current network topology, without introducing any new
network performance overhead, and without an extensive planning and implementation cycle.
SessionWall-3
AbirNet's SessionWall-3 provides the tools required to protect your company from Internet
intrusion and internal and external electronic communication abuse.
SessionWall-3 provides a comprehensive mechanism to learn your users' network usage
patterns, quickly apply company policies, monitor the policy compliance, and protect your
users and your company from network abusers.
With SessionWall-3, companies can quickly increase the overall effectiveness of their
existing investments in network protection and firewalls.
Background
The first generation of Internet and Intranet protection came in the form of firewalls,
which focused on packet header filtering. The filter criteria were statically set to allow
packets with specific addresses to pass through or to be blocked (rejected).
The firewall software is often hosted by a high-powered UNIX workstation. The firewall
essentially stores every packet, looks at it and either lets it go through or blocks it.
This solves a specific set of requirements. It also requires skilled individuals to set
the filters and make the trade-offs associated with control, cost and network throughput
delays. These considerations are especially perplexing as companies try to apply these
technologies to their internal networks (Intranets), since the delays introduced can
significantly dampen the effective use of the high bandwidth corporate backbone.
The second generation of Internet and Intranet protection adds application filter
capabilities to the firewalls and puts more emphasis on presenting the security
administrator with a graphical user interface to reduce the training requirements.
This generation includes the introduction of proxy servers. Proxy servers literally act as
intermediaries between the internal network and the external network. This second
generation enables the filtering process to look at the contents of E-mail (SMTP and POP),
file transfer (FTP), terminal emulation (Telnet), News (NNTP send and receive) and WEB
protocols in order to make blocking decisions.
This generation increases the level of protection and the granularity of the blocking.
Proxy servers also increase the overheads associated with examining the packets and
passing them on. Again trade-offs have to be made to minimize this overhead.
The third generation of Internet and Intranet protection introduces a complementary and
more efficient TCP/IP blocking, and significantly reduces the skills, planning
requirements and costs associated with using only firewall and proxy-server
implementations.
This generation might more accurately be described as session walls, since the protection
is really to the specific application session level. It provides a way to monitor and
block internal and external network traffic.
These session walls work hand-and-glove with the existing firewalls and network routers
with built-in firewalls, without adding any additional network delays. These session walls
also provide additional flexibility and controls while reducing the complexity.
AbirNet's SessionWall is the first of such third generation solutions.
SessionWall-3(tm) Capabilities
SessionWall-3 is the industry's most comprehensive solution to achieve effective use of
Internet technologies in a business environment. It provides control with very
sophisticated, yet easy to use, software that monitors, detects, blocks, alerts, and logs
specific access events and the associated data. It can also detect and alert when access
or transmission content anomalies occur in order to identify possible intrusion attempts
or network abuse.
AbirNet's SessionWall overcomes the key business obstacles to protecting your network by:
* minimizing the skills and resources required
* providing an economical and scaleable solution
* providing management reports
* providing easy-to-use, flexible tools
SessionWall-3 provides unobtrusive yet effective capabilities to protect your company
from external intrusion and internal abuse. This is accomplished with:
* plug-and-play installation
* easy to use Graphical User Interface
* easy to select actions
* comprehensive address and text sensitive rules
* electronic network traffic content monitoring
* fully formatted content viewing
* proof of breach logging with actual offending content
* "no network overhead" monitoring and blocking
SessionWall-3 also focuses on providing an unobtrusive solution that introduces no
additional network overhead and minimizes the compute resources required to conduct
comprehensive monitoring.
Representative Services Provided
SessionWall-3 combines network traffic monitoring and blocking, activity reporting,
session viewing, and network activity metering. It provides comprehensive logging and
analysis with rules, reports, alerts and statistics. It also enables the security
administrator to view formatted network traffic content, e.g. an E-mail message in order
to enhance policy content filters and provide readable proof of breach.
SessionWall can be installed on any Windows 95 or NT machine and is attached to the local
network, just as any other PC, not as a gateway. In this way it can protect against all
internal and external abuses. Once installed, the administrator easily sets the user and
server access policies. This is done by selecting the E-mail, WEB browsing, news, Telnet
and FTP servers to be logged and/or blocked for some or all of the users. Additionally,
SessionWall provides the ability to add other protocol filters to block specific
applications such as Internet phone, video conferencing, etc.
Monitoring
Based on client policies, SessionWall examines all session packets that pass by on the
local area network without adding any overhead into the network or introducing delays to
traffic transit time. As part of this examination SessionWall relates specific users to
the sites accessed, specific protocols used, specific usernames used, the information sent
and received, and the use of specific keywords contained within the data portion of the
packets being sent. These conditions can be associated with more sophisticated criteria
such as time of day, specific session duration and specific application responses, e.g.,
logon failed. When specific policy conditions are encountered an event occurs. SessionWall
can respond to events by:
* Blocking the session from being set up
* Sending an alert
* Logging session details and session data
* Ignoring the condition and taking no action
The result is a very comprehensive yet easy to implement Internet and Intranet protection
solution.
Blocking
In the event that the course of action specified is to block the session, SessionWall
invokes AbirNet's Patent Pending "unobtrusive filtering and blocking" technology to
terminate the offending session.
Alerting and Responding
Once an event has been encountered, the appropriate policy action is invoked. The action
can be any combination of people-dependent alerts such as E-mail, fax, Windows NT event
log entry, or a message to the SessionWall system operator. It might also be the invocation of
a specific Windows program to create a custom response.
User Notification - Warning
As a courtesy capability, SessionWall has the ability to automatically send a customized
notification to the users that their session has been blocked.
Special Privacy Feature
SessionWall can be set not to monitor specific user communications.
SessionWall meets your needs Now!
AbirNet's SessionWall represents the latest generation of Internet and Intranet protection
technology. It delivers unprecedented levels of access and control, user transparency,
performance, flexibility, adaptability and ease-of-use. SessionWall overcomes the need for
a powerful UNIX firewall host, and eliminates the overheads introduced with
non-router-based firewalls, by applying its patent-pending "unobtrusive filtering and
blocking" technology. Additionally, the SessionWall-3 includes a Session Viewer that can
be used for intruder monitoring, auditing, and providing solid evidence of electronic
communication abuse.
Specifications
Minimum Requirements
Operating System: Windows 95 or Windows NT
Platform: Intel Pentium, 100 MHz or faster
Memory: 16MB RAM (32MB recommended)
Disk space: 35MB free space
Network interface: Standard
Media: CD-ROM
AbirNet(tm), SessionWall(tm) are trademarks of AbirNet, Inc. and AbirNet ltd.
Ask about 150
Contacting AbirNet:
Email: abirnet@abirnet.com
Tel: (800) 245-1688 or (817) 251-7000
Fax: (817) 251-7001
Israel:
Tel: +972-4-959-0660
Fax: +972-4-959-0661
www.abirnet.com
AbirNet Offices:
US Headquarters - Dallas
Lakeview Plaza II Suite 140
1705 W. Northwest Highway
Grapevine, Texas 76051 USA
Tel: (817) 251-7000
Fax: (817) 251-7001
International Headquarters - Israel
Kohav Yoqneam
P.O.B 251
Yoqneam 20962 Israel
Tel: +972-4-959-0660
Fax: +972-4-959-066
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
| A B I R N E T Active Network Protection |
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
/AbirNet provides the next generation in Internet and Intranet Protection\
| AbirNet provides Windows 95 & NT-based software that lets you know |
| how your network is being used while protecting it from intrusions |
| and abuse using no-network overhead, see-it-all filtering, blocking, |
| alerting, logging, and scanning technologies. |
| |
\========== Get an EVALUATION COPY at <http://www.AbirNet.com> ===========/