Review: McAfee Entercept

By on

Entercept is an intrusion prevention system (IPS). In common with traditional host-based intrusion detection systems (HIDS), Entercept resides on the host itself, but it works at a much lower level than a normal HIDS system.

Entercept is an intrusion prevention system (IPS). In common with traditional host-based intrusion detection systems (HIDS), Entercept resides on the host itself, but it works at a much lower level than a normal HIDS system.

HIDS reacts to events that have already happened and been recorded in log files. But Entercept monitors, at the operating system or web-server level, events that may be used to create such log entries. By seeing these events before processing by the OS or the web server, Entercept can actually stop them before any damage occurs.

Entercept consists of a number of host agents that are controlled by a single central console. Agents are available for Windows NT 4.0 Server, Windows 2000 (Professional or Server) and Sun Solaris 2.6/7/8. There are also web server agents available to provide protection for Microsoft IIS 4.0/5.0 (Windows), Apache 1.3.6 through 1.3.24 (SPARC Solaris), Netscape Enterprise Server 3.6 (SPARC Solaris) and iPlanet Web Server 4.0, 4.1 (SPARC Solaris).

Each agent communicates with the console via triple-DES-encrypted sessions. If communication with the console is interrupted for any reason, the console displays the agent as 'not connected,' but the agent continues to operate in a standalone mode. Security events are stored locally until connection is re-established. Each console is able to manage up to 5,000 agents. Data can also be sent to third-party consoles for further analysis.

One feature of Entercept is web shielding, which ensures that the configuration, layout, and operation of the web site cannot be altered. Even if someone gained administrative privileges on the server, they still would be unable to modify the web site. Entercept can be used to protect the resources of the OS, SQL databases and other applications. Furthermore, a feature called SecureSelect Vault Mode can be used to lock down the operating system itself.

Alerts are displayed on the console, but can also be delivered via email, pager, SNMP trap, and can spawn processes. Depending on the severity level, a log entry is made and the action can be automatically terminated. A plausible error code is returned to the application causing the alert so that the reason for the termination is not obvious.

For:

Protects


Against:

both known and unknown attacks. AGAINST Linux agents are missing at present, but are promised by year end.


Verdict:

Unlike most other web defacement detection systems, Entercept prevents unauthorized modification in addition to alerting on the attempt.

Tags:
entercept group mcafee security test web

Most Read Articles

Devastating flaw puts almost every wi-fi network at risk

Devastating flaw puts almost every wi-fi network at risk
NBN Co works to recover cost of network damage

NBN Co works to recover cost of network damage
Wi-fi flaw confuses Aussie internet users

Wi-fi flaw confuses Aussie internet users
Vocus to sell Aussie data centres, NZ business

Vocus to sell Aussie data centres, NZ business
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology

Events

Log In

Username:
Password:
|  Forgot your password?