dcsimg

Network Associates Ships CyberCop Sting

By SV.internet.com Staff (Send Email)
Posted Jul 14, 1999


Network Associates, Inc. today announced the availability of its CyberCop Sting software, a new ``decoy'' server that silently traces and tracks hackers, recording and reporting all intrusive activity to security administrators. CyberCop Sting is a component of the CyberCop intrusion protection software family which also includes CyberCop Monitor, a real-time intrusion detection application that monitors critical systems and networks for signs of attack and CyberCop Scanner, a network vulnerability scanner.

CyberCop Sting allows IS managers to silently monitor suspicious activity on their corporate network and identify potential problems. It operates by creating a series of fictitious corporate systems on a specially outfitted server that combines moderate security protection with sophisticated monitoring technology. The Sting product creates a decoy, virtual TCP/IP network on a single server or workstation and can simulate a network containing several different types of network devices, including Windows NT servers, Unix servers and routers. Each virtual network device has a real IP address and can receive and send genuine-looking packets from and to the larger network environment. Each virtual network node can also run simulated daemons, such as finger and FTP, to further emulate the activity of a genuine system and avoid suspicion by would-be intruders. While watching all traffic destined to hosts in its virtual network, Sting performs IP fragmentation reassembly and TCP stream reassembly on the packets destined to these hosts, convincing snoopers of the legitimacy of the secret network they've discovered. Network Associates, Inc. today announced the availability of its CyberCop Sting software, a new ``decoy'' server that silently traces and tracks hackers, recording and reporting all intrusive activity to security administrators. CyberCop Sting is a component of the CyberCop intrusion protection software family which also includes CyberCop Monitor, a real-time intrusion detection application that monitors critical systems and networks for signs of attack and CyberCop Scanner, a network vulnerability scanner.

CyberCop Sting provides a number of benefits for security administrators, including:

  • Detection of suspicious activity inside network; Log files serve to alert administrators to potential attackers prying into reserved areas.
  • Virtual decoy network can contain multiple "hosts" without the expense and maintenance that real systems require.
  • CyberCop Sting software's virtual hosts return realistic packet information.
  • CyberCop Sting logs snooper activity immediately, so collection of information about potential attackers can occur before they leave.
  • CyberCop Sting requires very little file space but creates a sophisticated virtual network.
Network Associates' CyberCop Intrusion Protection suite is a collection of integrated security tools developed to provide network risk assessment scanning (Scanner), real-time intrusion monitoring (Monitor) and decoy trace-and-track capabilities (Sting) to enhance the security and survivability of enterprise networks and systems. The suite also includes features such as AutoUpdate, modular construction, and Active Security integration to provide product integrity. A Network Associates white paper on next-generation intrusion detection is available at http://www.nai.com/activesecurity/files/ids.doc.

CyberCop Sting is free with the purchase of CyberCop Monitor, Network Associates' new real-time intrusion detection software. Sting is also available as part of the full CyberCop suite, which also includes CyberCop Scanner, CyberCop Monitor and the CASL Custom Scripting Toolkit. The CyberCop Intrusion Protection suite is priced at $17 per seat for a 1,000 user license.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.