The Hostway Blog

Intruder Alert

Small businesses are especially vulnerable to intrusions and security breaches from outside their local area networks via the Internet. Hackers know that small businesses are on tight budgets and often do not have high-level security systems in place. In many instances, a firewall may not provide the level of security necessary to prevent or detect an attack.

How Do I Protect My Network?

Businesses can contract with a dedicated managed security service provider. While these companies serve large enterprises with deep pockets, almost all of them have options designed especially for small businesses. They charge a low annual or monthly fee. The business receives the benefit of intrusion detection and prevention via state-of-the-art security technology. This managed solution eliminates the need for the business to procure the necessary hardware and pay in-house dedicated IT professionals.

How Does It Work?

The service installs a single appliance, either virtual or physical, on the company’s network. A quality system monitors activity to detect intrusion effectively and provide strong prevention measures. Services commonly included in security packages are vulnerability scanning, firewall management and fortification, high-speed intrusion detection, email security and Web security to protect against harmful Web content.

Why Isn’t My Firewall Adequate?

Firewalls have become more sophisticated in recent years, but the most common ones still only monitor IP addresses and ports as a means of intrusion detection. This leaves a network vulnerable to a wide variety of attacks that cannot be detected through this method. An intrusion detection system (IDS), however, can actually read and understand packet header content and monitor flags and options within the packet header.

Methods of Detecting Attacks

There are two primary methods employed by IDS companies to detect intrusion. Most IDS providers use a combination of both in their solution.

Pattern Matching

This method uses a signature database that keeps records of known attacks and the specific actions executed during these attacks. These are known as attack signatures. This method of intrusion detection will recognize the signature of an intruder if that signature is in the database. The effectiveness of this method depends upon keeping the database current. This system is analogous to a criminal investigator matching fingerprints from a crime scene to a crime suspect. If the fingerprint database is not updated, the criminal may not be caught.

Statistical Anomaly

Statistical anomaly intrusion detection routines compare current activity against a baseline norm established upon implementation of the system and flag activity that deviates from normal usage. This is a powerful routine and can detect new attacks as well as known ones. This method is similar to techniques used by a police officer who normally patrols a certain route. When he sees something out of the ordinary, he then forms a suspicion of criminal activity. He may not know exactly what activity is occurring or the identity of the criminal element, but the deviation was the catalyst that caused him to begin investigation.
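The two detection methods side by side, as an added example that is not part of the original post: one event is caught only by its signature, another only by its deviation from the baseline. The signature patterns, the requests-per-minute feature, the threshold and all sample hosts and requests are constructed assumptions, and a real IDS inspects packets rather than request strings.

```python
import re
import statistics

# Constructed signature database: name -> pattern recorded from a known attack.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection": re.compile(r"(?i)union\s+select"),
}

def match_signatures(request, signatures=SIGNATURES):
    """Pattern matching: names of known attack signatures found in the request."""
    return [name for name, pat in signatures.items() if pat.search(request)]

def build_baseline(samples):
    """Baseline norm learned at deployment: mean and std dev of requests/minute."""
    return statistics.mean(samples), statistics.stdev(samples)

def is_anomalous(value, baseline, threshold=3.0):
    """Statistical anomaly: more than `threshold` std devs away from the norm."""
    mean, stdev = baseline
    if stdev == 0:
        return value != mean
    return abs(value - mean) / stdev > threshold

def inspect(events, baseline, signatures=SIGNATURES):
    """Run both methods over (host, requests_per_minute, request) events."""
    alerts = []
    for host, rate, request in events:
        hits = match_signatures(request, signatures)
        if hits:
            alerts.append((host, "signature", hits))
        if is_anomalous(rate, baseline):
            alerts.append((host, "anomaly", rate))
    return alerts

# Constructed sample data (documentation-range addresses).
BASELINE_SAMPLES = [40, 42, 38, 45, 41, 39, 43, 44, 40, 42]
EVENTS = [
    ("192.0.2.5", 41, "GET /index.html"),                    # normal
    ("192.0.2.9", 43, "GET /item?id=1 UNION SELECT a,b"),    # known signature
    ("192.0.2.7", 400, "GET /search?q=shoes"),               # no signature, odd rate
]

if __name__ == "__main__":
    for alert in inspect(EVENTS, build_baseline(BASELINE_SAMPLES)):
        print(alert)
```

Passing an empty or outdated dictionary as `signatures` shows the dependency on a current database: the second event then produces no alert, while the rate anomaly is still flagged.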