The IDS/IPS module runs the IP networks traffic analysis in real time ans is able to identify threats and intrusions. Network traffic control occurs at different levels such as:
- Protocol analysis.
- Content analysis.
- Content comparison.
All the threats identification rules are continuosly updated through subscription to "Talos", an information security expert group actively working in identifyng and responding to hacking activities, intrusion, malware and vulnerabities. Some of the threats that are identified and blocked are:
The security box can work in the following ways:
- Sniffer: the program reads the network packets and displays them on the console.
- Packet Logger: the program runs the network packet logs on disk.
- NIDS: the program analyzes network traffic and fires different alarms depending on user-defined rules.
- Forensic analysis: same as NIDS but it receives a dump of network traffic as imput.
The results of the analysis produced by the program can be redirected and organized in different formats such as:
- Unified format (Snort Format);
- XML;
- Databased such as MySQL, Oracle, PostgreSQL;
- Tcpdump/libcap format;
- ASCII;
- WinPopup (SMB);
- System logs.
