Cydsoft.com software for network administrators and security specialists
Title
CyD Software Labs
Description
A good administrator must do everything to nip in the bud any attack attempts on his or her system. What is the first thing hackers do to break in to a system? They collect information about the system. Hackers try to learn as much as possible about the system they want to break in to, and administrators must do everything to give as little information as possible about their system or, even better, throw hackers off the track with some false information.
The simplest and initial information gathering technique is port scanning. To determine who tried to scan ports on your machine, when, and from where, you have to detect any nonstandard port events. Doing this manually is difficult, and a good specialized program is called for.
Automated port scanning detection programs are a rather good attack detection tool but, unfortunately, not in all cases. For example, popular servers are scanned often. I believe that such servers as www.yahoo.com or www.microsoft.com are scanned thousands if not millions of times a day. It is useless to pay attention to each of these countless scans. The most important thing is that automatic attack detection consumes computing resources, and sometimes a quite substantial amount. If every scanning attempt is logged, hackers can devise attack-imitating packets. Then all the server will do is handling these supposed attacks. The effect will be a classical DoS attack, because the server will no longer process client requests. To avoid DoS attack you must use Firewall together with a IDS (intrusion detection/defense system).
Logos
