RealSecure - Network Attack Detection

System Security of Unix Servers Enhanced by Real-time Intrusion Detection Software

RealSecure - for Network Attack Detection

As a continuous effort to maintain good security of our campus network, the Computer Centre is deploying a security software - the ISS (Internet Security Systems) RealSecure to enhance the system security of our Unix Servers. As a supplement to the existing Internet firewall system of our campus network, the RealSecure enhances the campus network security by detecting any possibly attack patterns on the network.

RealSecure vs the Firewall

As quoted from the software documents, RealSecure is an automated, real-time intrusion detection, misuse, and response system for computer networks. The RealSecure attack-recognition detector unobtrusively analyzes the activities on our campus network and host computers. The RealSecure product suite has two basic components: the detector for detecting suspicious attack pattern and the management console which is the central control station for the detectors. When installed on a network segment, the detector continuously monitors the network traffic for suspicious traffic patterns. When the software is installed on a host system, the detector will monitor the operating system log entries and key system files for indications of unauthorized access.

Unlike Internet firewall and other static security devices which impose only access control on the campus network, RealSecure can be set up to monitor the network traffic and to detect any suspicious patterns (such as the famous Windows Trojans - BackOriffice and NetBus) online without causing any performance degradation to the network.

If you have any question concerning RealSecure, please feel free to contact the undersigned.

Internet Firewall Upgrade

We are pleased to announce that our Internet Firewall system has been upgraded on 12 November 1999. The firewall software has been upgraded from Checkpoint Firewall-1 version 3.0 to version 4.0, and the original firewall server (SUN Ultra10 Workstation) was replaced by a new SUN Enterprise 250 Workgroup server.

What is a Firewall?

In summary, an Internet firewall is a set of related programs, located on a server, that protects the resources of a private network from users from other networks. This server acts as a gateway separating the campus network and the Internet. The primary function of a firewall is to filter out unwanted network traffic between the Internet and the campus network according to the rules and policies as specified by the network administrator. The Computer Centre, being the central campus network administrator, has been continuously safeguarding the security of our campus network. From time to time, we enhance or upgrade the security measures in our campus network with minimal interruption of our services. The deployment of the Internet Firewall serves as a foundation of the Centre's security policy.

Benefits of the Upgrade

1.Checkpoint Firewall-1 version 4.0 is 100% Y2K-compliant

2.new features in version 4.0 will enable the implementation of the Centre's security policy

3.the upgrade implemented provides spare system capacity for implementing other value-added services, such as Virtual Private Network (VPN) and high availability set-up of the Internet Firewall.

If you have any questions related to the Internet firewall system of the HKU campus network, please contact the undersigned.

K.C. Chang
Tel: 2859 7972
Email: kcchang@hkusua.hku.hk

[Contents] [Next] [Previous]