Denial of Service Attacks Blocked by Allot's NetEnforcer; Enhancing Network Security, the NetEnforcer Monitors and Blocks Attempts to Disrupt Enterprise Network Operations.Business Editors/High-Tech Writers MINNEAPOLIS--(BUSINESS WIRE)--Nov. 20, 2001 Allot al·lot tr.v. al·lot·ted, al·lot·ting, al·lots 1. To parcel out; distribute or apportion: allotting land to homesteaders; allot blame. 2. Communications, the premier provider of policy-based networking solutions, announced today the successful implementation of Allot's NetEnforcer(TM) to enhance network security and block Denial of Service A condition in which a system can no longer respond to normal requests. See denial of service attack. (DoS) attacks as well as enhance protection of system resources (1) In a computer system, system resources are the components that provide its inherent capabilities and contribute to its overall performance. System memory, cache memory, hard disk space, IRQs and DMA channels are examples. from computer-worms like the Nimda and Code Red. Successful Bandwidth Management Controlling the traffic flow in a network. See bandwidth manager. Delivers Protection From DoS Attacks and Malicious Traffic Malicious worms were recently distributed and unwillingly duplicated throughout the Internet. Unwilling collaborators' systems joined in scheduled and planned Distributed DoS (DDoS) attacks on unsuspecting sites. Infected systems increased demand of bandwidth and server resources, thereby slowing down business-critical applications. Protecting from such illegitimate attacks on network resources is an additional benefit of Allot's NetEnforcer. By utilizing NetEnforcer's unique capabilities to limit and monitor connections per traffic pipe and to block new connections as they come in, the user is able to prevent attacks and send alerts when an attack is imminent. Additionally, a network manager is able to focus -- in real-time -- on the busiest hosts and traffic channels to pinpoint the source of illegitimate traffic. "We have managed to function on normal levels during a recent attack on our network", said Mr. Olivier Gandar, IT Manager of Metz City Hall, "we are continuously monitoring network traffic patterns with the Allot's NetEnforcer to offload our existing firewall and to deflect attacks on our network, should they emerge". "Allot is strengthening its NetEnforcer product line with innovative security features that are demanded today," added Dr. Vijay Ahuja, President of Cipher cipher: see cryptography. (1) The core algorithm used to encrypt data. A cipher transforms regular data (plaintext) into a coded set of data (ciphertext) that is not reversible without a key. Solutions and a well-known security consultant. "The NetEnforcer's protection against DoS attacks creates a first line of defense, enhancing performance of firewalls and other network devices. One of the best security practices for the enterprise is to design such a multi-layered security system." Recent published statistics by CERT (Carnegie Mellon University Carnegie Mellon University, at Pittsburgh, Pa.; est. 1967 through the merger of the Carnegie Institute of Technology (founded 1900, opened 1905) and the Mellon Institute of Industrial Research (founded 1913). ) showed the number of reported attacks to double from 1999 (9,859 incidents) to the year 2000 (21,756 incidents). For the period January through September 2001, reported attacks doubled again (34,754 incidents). Separately, National Infrastructure Protection Center, a government agency, announced a warning that it's expecting the number of DoS attacks to increase (September 17, 2001 Advisory). Furthermore, experts now warn that future worms are going to be more vicious. "Allot's per-flow-queuing technology and admission-control algorithm are proving very useful in providing an answer to DoS attacks and the proliferation of worms," concluded Udi Levin, Allot Communications Director of Product Management. "With a growing number of corporate networks and hosted services under attack, we have successfully protected network resources with the NetEnforcer's performance enhancement utilities." Using Allot's NetEnforcer to Improve Network Security The NetEnforcer family of products enables network managers to allocate bandwidth network resources based on business priorities. Improving network performance by resource management creates a first line of defense from illegitimate users and applications that seize an undeserved un·de·served adj. Not merited; unjustifiable or unfair. un  de·serv share of resources. NetEnforcer detects known DoS and DDoS attacks and intelligently blocks new flows suspected as destructive traffic. Placing the NetEnforcer at the edge of the enterprise's network enhances performance of firewalls and internal network devices. NetEnforcer discards malicious traffic packets that slip through routers, improves application performance and enhances network security. By deploying NetEnforcer, service providers and enterprises can monitor, record and alert users of imminent attacks on network resources. NetEnforcer's extensive real-time monitoring capabilities including tracking busiest servers and users, channel utilization rates, number of open connections along with creation rate of new connections, provides valuable tools for security troubleshooting. Moreover, NetEnforcer's accounting registers traffic statistics of all sessions and assists network administrators to pinpoint attackers. Finally, NetEnforcer's Log gives abnormal-event notifications, such as when packets are denied access. Background Information on DoS Attacks and Worms Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks -- are when an organization's resources or services are taken away by someone's intentional action. There are various types of DoS attacks; the more popular ones are known as Smurf attack An assault on a network that floods it with excessive messages in order to impede normal traffic. It is accomplished by sending ping requests (ICMP echo requests) to a broadcast address on the target network or an intermediate network. The return address is spoofed to the victim's address. (when the person behind the attack sends high volume of ICMP (Internet Control Message Protocol) A TCP/IP protocol used to send error and control messages. For example, a router uses ICMP to notify the sender that its destination node is not available. type packets) and SYN 1. (character) SYN - Synchronous idle. 2. (language) SYN - A syntactic specification language for COPS. ["Metalanguages of the Compiler Production System COPS", J. Borowiec, in GI Fachgesprach "Compiler-Compiler", ed W. attack (when the attacker initiates a high rate of new connections requests and then fails to follow up). Worms are spread from system to system (i.e., clients or servers), by HTML HTML in full HyperText Markup Language Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. pages, e-mail messages, and copying files -- such as done in Peer-to-Peer applications. While viewing an infected Web page, an unsuspecting client PC will download a copy of the infected executable code Software in a form that can be run in the computer. It typically refers to machine language, which is comprised of native instructions the computer carries out in hardware. Executable files in the DOS/Windows world use .EXE and . . The worm will then spread itself to other files and make changes in system files. About Allot Communications Allot Communications was founded in December 1996 to deliver policy-based networking solutions that improve performance and enable the deployment of mission-critical, time-sensitive applications in IP networks. By providing flexible Quality of Service (QoS) solutions to enterprises, Allot allows network managers to direct allocation of network resources based on business priorities, and thereby to achieve higher efficiency and cost savings. Additionally, by providing Service Level Agreement (SLA (1) (StereoLithography Apparatus) See 3D printing. (2) (Service Level Agreement) A contract between the provider and the user that specifies the level of service expected during its term. ) solutions to service providers, Allot enables network and application service providers to offer SLA-based services to their customers, and thus to increase their own revenue. Allot Communications has established offices in Burlingame (CA), Houston, New York City New York City: see New York, city. New York City City (pop., 2000: 8,008,278), southeastern New York, at the mouth of the Hudson River. The largest city in the U.S. , Minneapolis, Tel Aviv Tel Aviv (tĕl əvēv`), city (1994 pop. 355,200), W central Israel, on the Mediterranean Sea. Oficially named Tel Aviv–Jaffa, it is Israel's commercial, financial, communications, and cultural center and the core of its largest , Tokyo, Singapore, Sophia Antipolis Sophia Antipolis is a technology park northwest of Antibes and southwest of Nice, France. Much of the park falls within the commune of Valbonne. Created in 1970~84, it houses primarily companies in the fields of computing, electronics, pharmacology and biotechnology. (France), Munich, London, and Randers (Denmark). The company sells and markets its products worldwide through original equipment manufacturers (OEM (Original Equipment Manufacturer) The rebranding of equipment and selling it. The term initially referred to the company that made the products (the "original" manufacturer), but eventually became widely used to refer to the organization that buys the products and ) and distributor channels. The company is privately held and venture-backed. Visit Allot on the Web at www.allot.com. Reader Contact Information: Allot Communications, Inc., 250 Prairie Center Drive, No. 335, Eden Prairie, MN 55344, Tel: 952/944-3100, Fax: 952/944-3555, info@allot.com, www.allot.com Note to Editors: Allot Communications, the Allot Communications logo, and NetEnforcer are either registered trademarks or trademarks of Allot Communications Ltd. Other company, brand, product, and service names are trademarks or registered trademarks of their respective holders. Members of the media interested in testing and evaluating any of Allot's products should contact Michael Matthey, 210/820-3070 ext. 106 or michaelm@weinkrantz.com |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion