Dragon Host Sensor
Scalable, flexible host-based intrusion defense
This item has been discontinued.
Discontinued Date: 1/1/2005
A host-based intrusion defense tool, Dragon Host Sensor monitors individual systems running
today’s most common operating systems for evidence of malicious or suspicious activity in
real time.
Dragon Host Sensor may be deployed on a protected host where it uses a variety of techniques
to detect attacks and misuse on the system, including analyzing the security event log, checking
the integrity of critical configuration files, or checking for kernel level compromises. This hybrid
approach ensures that no misuse goes undetected.
Dragon Host Sensor may also be deployed on a dedicated analysis system where logs are
forwarded and analyzed from most commercial firewalls, routers, switches, and other IDS
devices. Correlating events from these devices and from Dragon Network and Host Sensors
is critical in identifying which events are the most serious, as well as understanding their origin
and impact.
Using non-conventional techniques to identify attempted intrusions or general misuse, the Host
Sensor can be installed on a dedicated system to create a “deceptive” server designed to entice
and alarm on attempted intrusions by simulating a fake web server, telnet server, or mail server.
Features & Benefits
- File attribute monitoring: monitors specific file attributes such as owner, group, permissions and file size
- File integrity checking: monitors files or directories to determine if content has been changed via MD5 hash, protecting sensitive files
- Log file analysis: analyzes any file or directory—including the system log, security log, or the log of a custom-built application—against a signature policy
- Windows event log analysis: monitors the various Windows event logs for signs of misuse or attack
- Windows registry analysis: analyzes the Windows registry for attributes that should not be accessed and/or modified, essential in identifying attacks against often-targeted Microsoft servers
- TCP/UDP (backdoor) service detection: monitors for opened TCP and UDP ports, providing critical protection against backdoor services, which can be used to allow unauthorized access through the firewall or act as a staging point for a distributed denial of service or outright attack
- Kernel monitoring: detects suspicious privilege escalations and other signs that the kernel has been compromised
- Custom module interface: provides an open and easy interface for custom module development, allowing customers to write their own tailored modules
Dragon Host Sensor deploys advanced techniques in identifying root-kits and buffer overflows
via its kernel-monitoring module. This module traps and analyzes all calls into the
kernel and can identify the existence of any kernel-level root-kit—both known and new, an
absolute requirement in identifying compromised systems before an attacker is able to
completely cover their tracks. It can also identify anomalous privilege escalation states resulting
from successful buffer overflows. Dragon’s kernel monitoring capabilities are an essential
building block on the path to host-based intrusion prevention—failure to implement this step
leaves the host open to attacks that other intrusion prevention solutions cannot detect.
Centrally managed via Dragon Enterprise Management Server for signature and configuration
updates, Dragon Host Sensor also reports all information—including event description,
source/destination IP, source/destination port, raw log (if applicable) and timestamp—to the
Security Information Management functionality within Dragon Management Server for real-time
alerting, forensic and trend analysis.
Technical Specifications
| Operating Systems | Windows NT/2K/XP, Sparc Solaris (versions 8 and 9), AIX (versions 4.3.3 and 5.X), HPUX (version 11.x), and Linux Distributions: Red Hat (versions 8.0 and 9.0), SuSE (version 8.1), Mandrake (version 9), Slackware (version 8.1) and Debian |
Ordering Information
| DSHSS-WIN | Dragon Host Sensor Software for Windows |
| DSHSS-LNX | Dragon Host Sensor Software for Linux |
| DSHSS-SOL | Dragon Host Sensor Software for Solaris |
| DSHSS-AIX | Dragon Host Sensor for AIX |
| DSHSS-HPX | Dragon Host Sensor for HPUX |