Captus Networks Announces Significant Software Enhancements to Its CaptIO Security Devices for Enterprise and Service Provider Networks.

Business Editors/High-Tech Writers

ATLANTA--(BUSINESS WIRE)--Sept. 10, 2001

NetWorld+Interop

Captus' Advanced Traffic Profiling Capability Quickly Identifies Prevalent DoS Attacks and Port Scans, and Implements Effective Policies for Automatically Stopping Them

Captus Networks, the leader in protecting networks from Denial of Service (DoS) attacks, today announced significant enhancements to its CaptIO(TM) network security device family that provide powerful capabilities for detecting and stopping DoS attacks against high-volume Internet networks and Web sites.

The new CaptIO enhancements provide advanced protection for enterprise and service provider networks against DoS and Distributed DoS (DDoS) attacks and against reconnaissance intrusions known as "port scans" which hackers use to gather critical information about a network targeted for attack.

Significant enhancements have been made to the CaptIO's advanced Traffic Limiting Intrusion Detection System (TLIDS(TM)), which greatly simplifies the task of systems administrators who ensure the security and availability of their Internet networks. TLIDS identifies a DoS or DDoS attack -- including SYN flood attacks and port scans -- and automatically implements policy-based "rules" based on specific information in the header of a packet such as source and destination addresses, port numbers, and protocol. This capability allows the CaptIO to surgically stop the attack, whether inbound or outbound, while allowing legitimate traffic to continue through the network.

"We have been hearing increasingly from our customers and partners about the need for enhanced protection from SYN floods and port scans. SYN floods are increasingly used to disable Web servers and disrupt a company's business, and port scans can expose any network to extremely precise and devastating attacks," said Richard G. Helgeson, Captus Networks' president and CEO. "By improving the TLIDS policies to specifically deal with these threats, we are bolstering the CaptIO's lead as the most effective solution on the market for countering malicious DoS attacks."

CaptIO stops SYN flood attacks less than one second after detection

The CaptIO device uses Captus Networks' proprietary and patent-pending technology to identify and stop SYN flood attacks in less than one second after detection, without disrupting legitimate network traffic. SYN flood attacks, like all DoS attacks, attempt to overwhelm the target system and render it unable to handle legitimate network traffic. A SYN flood specifically targets "stateful" network devices such as servers or firewalls which track the state of the connections they make with other devices. With the enhanced TLIDS, the CaptIO is capable of providing the most effective protection today for firewalls and servers against SYN attacks and other DoS and DDoS attacks.

SYN flood attacks simulate the initial handshake of a TCP/IP connection and are typically launched using any of several attack tools that are popular with hackers and easily downloadable from Internet sites. The target system of the SYN flood will process each SYN packet, open a virtual port, and respond with a SYN acknowledgment (SYN_ACK) to the source address. This creates a half-open state where the target system has received the SYN packet but the SYN_ACK has gone unacknowledged by the attacking system(s). The problem compounds as the target system waits, in vain, for the acknowledgments to come back, during which time it receives additional SYN packets that will initiate more connections. Each open connection is allocated specific memory and system resources. If not stopped quickly, the SYN flood attack will consume system resources until the target system becomes unstable or crashes.

The Captus TLIDS technology includes algorithms for inspecting packets and determining if an unacceptable level of connection attempts is made against a network or server.

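A generic illustration of the half-open counting described above, added here as an example; it is not Captus' proprietary TLIDS algorithm or code from the release. The window, the threshold, the packet tuple layout and the addresses (documentation ranges) are assumptions constructed for the demonstration, and only client-to-server packets are modeled.

```python
from collections import defaultdict, deque

WINDOW = 1.0       # seconds an unanswered SYN is counted (assumed value)
MAX_HALF_OPEN = 5  # unanswered SYNs tolerated per (src, dst, dport) (assumed value)

def detect_syn_flood(packets, window=WINDOW, limit=MAX_HALF_OPEN):
    """Scan client-to-server TCP packets; return (deny_rules, established).

    Each packet is (ts, src, sport, dst, dport, flags) where flags is "S" for
    the opening SYN and "A" for the ACK that completes the handshake.
    """
    pending = defaultdict(deque)  # (src, dst, dport) -> (ts, sport) of unanswered SYNs
    established = set()           # 4-tuples whose handshake completed
    deny_rules = []               # header-based rules: (src, dst, dport, "tcp")
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, dst, dport)
        rule = key + ("tcp",)
        queue = pending[key]
        while queue and ts - queue[0][0] > window:
            queue.popleft()  # forget SYNs older than the window
        if flags == "S":
            if rule in deny_rules:
                continue  # new connection attempts from a denied source are dropped
            queue.append((ts, sport))
            if len(queue) > limit:
                deny_rules.append(rule)  # too many half-open handshakes: deny this flow
                queue.clear()
        elif flags == "A":
            for entry in queue:
                if entry[1] == sport:
                    queue.remove(entry)  # handshake finished: no longer half-open
                    established.add((src, sport, dst, dport))
                    break
    return deny_rules, established

def sample_packets():
    """Constructed traffic: one well-behaved client and one flooding source."""
    server = "192.0.2.10"
    pkts = []
    for i in range(3):  # client completes every handshake it starts
        pkts.append((0.1 * i, "198.51.100.7", 40000 + i, server, 80, "S"))
        pkts.append((0.1 * i + 0.02, "198.51.100.7", 40000 + i, server, 80, "A"))
    for i in range(20):  # flooder sends SYNs and never acknowledges
        pkts.append((0.5 + 0.01 * i, "203.0.113.9", 50000 + i, server, 80, "S"))
    return sorted(pkts)

if __name__ == "__main__":
    rules, open_conns = detect_syn_flood(sample_packets())
    print("deny:", rules)
    print("established and untouched:", sorted(open_conns))
```

The deny rule is keyed on the same header fields the release lists (source and destination addresses, port and protocol), and completed handshakes stay in the established set, so only new attempts from the flagged source are affected.
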
If a SYN flood or other DoS attack is identified, traffic between the source and target addresses can be stopped without affecting already-open connections, or additional attack traffic can be diverted to a honeypot server for forensic analysis.

TLIDS foils unauthorized port scanning by hackers planning attacks

The latest release of Captus TLIDS technology also thwarts unauthorized port scanning. Systematic port scanning allows an intruder to map a network by identifying the kinds of services and devices attached to it. With this information, a hacker can launch a highly targeted DoS attack against specific devices on the network. A TLIDS policy created to detect port scanning will monitor all network activity and react (as defined by the policy, e.g., alert and deny) to any sources that violate the scan policy.

About the CaptIO

In the marketplace for DoS solutions, Captus Networks' CaptIO devices offer critically important advantages over other vendors' products. CaptIO devices are unique in that they provide automatic and dynamic protection, without manual intervention, against both inbound and outbound DoS attacks by detecting and stopping attacks in less than one second. By contrast, other solutions are useful only for intrusion detection and operate in an "advisory" capacity, entailing the time lag of human intervention to stop attacks.

Captus also provides the only integrated inline security device whose functioning does not involve logging into the network router, an important architectural feature that has benefits for reducing security risk and simplifying network operations.

Captus Networks

Captus Networks Corp. is an innovative, privately held company that designs, manufactures and markets integrated security hardware devices. In June 2001, Captus Networks closed a second round of financing, receiving $17.6 million from GMS Capital Partners, LP, St. Paul Venture Capital, Celerity Partners, H.I.G. Ventures, and several individual investors. In its initial round of funding in May 2000, the company raised $3.5 million in venture capital from GMS Capital Partners. Captus Networks' vision is to be the preeminent supplier of high performance, integrated network security devices and services for the e-business marketplace. The company's executive offices are located in Woodland, Calif., near Sacramento. Captus Networks can be contacted on the World Wide Web at www.captusnetworks.com or by calling (877) 9-CAPTUS.

Note to Editors: CaptIO and TLIDS are trademarks of Captus Networks. All other company and product names may be trademarks of the company with which they are associated.

VISIT CAPTUS AT NETWORLD+INTEROP 2001, BOOTH 942