V2-NIPS Network Attack Prevent – Defense System

INTRODUCTION

V2-NIPS Network Attack Prevent – Defense System allows to protect information systems against dangerous real-time attacks on the network. One of the advantages of this solution is the ability to detect and prevent attacks without affecting system performance. For attack detection, the system allows passive monitoring of network connections using a dedicated data extraction device (Network-Tab) or using the Span port on the Switch (these functions require sharing share a portion of the Switch's resources).

SYSTEM FUNCTION

1. Network Attack Detection

1.1. Detecting Network Attacks based on set of Sttack Detection Signatures

The system is capable of analyzing network connections to detect network attacks without affecting the operation of the protected system.

• Detect unusual activities on the system based on the system's signal set (misc-activity)
• The type of network attack is the user inside the system (misc-attack).
• Denial of Service (Dos/DDoS) attack
• The type of attack that violates system policy (policy-violation)
  • Unsuccessful-user
  • Suspicious-login
  • Attempted-admin
  • Inappropriate-content
• Anomalous network connection detection detected on the system (non-standard-protocol)
• Type of attack using Shellcode

Detect malware activities over the network environment (malware-cnc, trojan-activity)

• Network-scan type of attack
• Types of attacks on operating systems (Linux, Windows ...)
• Attacks on Web servers (IIS, Apache, Oracle ...)
• Type of attack on Database server (Mssql, Mysql, Oracle ...)
• Types of attacks on email servers (POP3, IMAP, SMTP...)
• Types of attacks on Web applications (SQL/XSS/Command Line Injection, HTTP detour attack, Inclusion Vulnerabilities, Brute Force...)

1.2. Detecting network attacks based on anomalous activity on the system (Behavior Detection)

• The Behavior Detection function allows detection of anomalous behavior to accurately detect the attacker and attacked based on the ability to automatically analyze the warnings received from the system.
• The Behavior Detection function allows administrators to set up a set of rules to detect anomalous user behavior and abnormal network connections on the system.
• The Behavior Detection function is set up with available rule sets to detect the following behaviors:
  • Hacker's network scanning behavior
  • Attack behavior from a source address when performing different types of network attacks to the protected system
  • Web application attack behavior
  • Acts of attack malicious code, malware

1.3. Detect Malicious Behavior based on Anomalous Network Connection System

2. Dealing with Cyber Attacks

Hệ thống cung cấp khả năng tương tác với thiết bị mạng (Router, Swith), thiết bị bảo mật (Firewall) và hệ điều hành (Windows, Linux…) để thực hiện ngăn chặn tấn công mạng.
Khả năng này cho phép hệ thống có thể ngăn chặn tấn công mạng mà không làm ảnh hưởng tới hoạt động và hiệu năng của hệ thống cũng như không yêu cầu cài đặt Agent trên các thiết bị hay máy chủ.

3. System Administration Function

• The Dashboard function allows administrators to have an overview of the system.
• The Behavior Blocking function manages alerts about behavioral attack detection and prevention.
• The report generation function allows administrators to create customized reports according to specific conditions in different formats.
• System configuration management.
• Manage system administrator accounts.
• Manage system software updates from the Cloud.
• System status information.
• Manage Logs activities on the system.
• System administration through Console and SSH interfaces.

SERVICE PACKAGES