The companies headquarter and home of the IT-department wants to detect attacks inside the data stream and to react automatically on them. Further requirements of this virtual company are the integration of their locations B, C and D to the new to implement security infrastructure.

In addition, a centralized administration and an automated global reporting for all scheduled IDS & IPS systems is required. As the company has already implemented a firewall system in location A, the installation should be done without any changes on existing IP-addresses, and the IT-infrastructure.

Funkwerk packetalarm IPS operating in bridging mode allows a transparent integration behind the existing firewall. Through the Firewall functionality in funkwerk packetalarm it is easily possible to realize a two stage firewall concept. Integrating funkwerk packetalarm IPS in inline mode can specifically prevent attacks which are currently not identified by the existing firewall.

By using the Sensor/Manager functionality, all funkwerk packetalarm systems that are integrated into the company network can be configured, administrated and monitored via a central manager unit. The Auto-Prevention of funkwerk packetalarm supports the administrator actively in his decisions on how an analysed attack should be handled. More than 9.000 signatures (Base: March 2009) are integrated in funkwerk packetalarm and are pre-classified within an expert system. When the Auto-Prevention is activated, there will be an automatic reaction to all found attacks. All new signatures that are delivered by the funkwerk packetalarm software and pattern update will be classified within the expert system by default. Only the funkwerk packetalarm products have an Auto-Prevention function, and the automatic rule update means that they are protected against attacks more quickly than other systems.

Location B is a subsidiary of location A. In course of a network reorganisation, location B shall get the possibility to react actively against attacks. These security improvements need to be in accordance to the headquarters requirement. The new funkwerk packetalarm system with its Auto-Prevention technology will raise the network security, and will replace the formerly used firewall system in location B.

Funkwerk packetalarm IPS operating in routing mode allows the usage as a gateway. Provided with the IP-address of the former firewall, no further changes of the subsidiaries IT-infrastructure are necessary. The system is managed by, and reports to the central manager at location A. The funkwerk packetalarm IPS Multi-Inspection Firewall is now the first checkpoint for all data traffic in a two-stage security concept. The rules of the firewall can be configured effortlessly and deployed quickly.
 
 
 
 

Location C carries on the webshop of the company as internal hosting and must assure under all circumstances a fail-safe access to the server. Funkwerk packetalarm IPS build up as high-availability solution guarantees the availability for the shop users and the operator. In the event of failure, a second funkwerk packetalarm system takes charge of all functions.
 
 
 

Location D has the necessity to monitor the internal data traffic. The performance of the existing network may not be affected under any circumstances.

By the operation of funkwerk packetalarm IDS and its installation in sniffing mode, this requirement is fulfilled at any time. The internal data traffic from client to server, from client to client and from client to the Internet can be analysed and controlled. The events and attacks detected by funkwerk packetalarm IDS are all transmitted to the centralized manager in location A, where global reports can be created.

Even implemented in sniffing mode, funkwerk packetalarm IDS can actively respond to attacks and prevent them by means of a TCP-Reset or a firewall hardening. As all funkwerk packetalarm products, funkwerk packetalarm IDS contains the Traffic-Trace functionality. By using this function, all communication data during an event or attack can be stored and analyzed.