An introduction to intrusion detection systems
|An Introduction to Intrusion Detection Systems (IDS)|
An issue too often overlooked when considering intrusion detection is management - securely managing the system itself. Embraced within this aspect is reporting... it is essential that the reporting and analysis tools are first class, enabling proper interpetation of detected events.
Within the Dragon IDS suite the Dragon Server component facilitates secure management of all Dragon Sensors and Dragon Squires. It also aggregates all alerts into one central database so that disparate attack information can be correlated.
The Dragon Server includes a variety of reporting and analysis tools as well as the ability to customise alerts via email, SNMP or SYSLOG messages.
The Dragon Server is a central control point for all Dragon engines and has advanced alerting, correlation and analysis functions. All features are available through web interfaces and many of the tools are highly configurable and customisable for almost any environment.
All Dragon engines are managed from one common web interface. This interface can effect policy changes across all of the Dragon Sensors and Dragon Squires. Individual Dragon engines can also be configured with flexible web based configuration screens. All signature libraries can be updated through these screens as well.