KFSensor

Intrusion detection plays a vital role in ensuring the integrity of a network's security. Network intrusion detection systems (NIDS) have long been seen as the most effective means of detecting attacks. However they do have significant weaknesses.

The increasing quantity and diversity of legitimate network traffic has resulted in ever increasing hardware costs and the large number of false positive alerts generated can be too much to analyse effectively.

By relying on the search for known attack signatures NIDS are unable to detect new forms of attacks and the use of encryption prevents them examining traffic altogether.

An additional approach is required to tackle such problems.

Honeypot technology
A honeypot is a system that is put on a network with the intention that it can be probed and attacked, in order to gain information on an attacker. This concept is a radically different approach to other forms of security and one that is increasingly being recognised to be very effective in detecting security threats.

By allowing intruders to interact with the honeypot, detailed information can be gathered on the techniques and tools that they use. Because there is no legitimate use for the honeypot, all connections it receives are suspect. This results in very few false positive alerts.

KFSensor has been developed from the ground up, as a production honeypot system, dedicated to the task of intrusion detection. Used as part of a comprehensive security strategy, KFSensor adds an additional layer of protection to detect security breaches that may not be picked up by other means.

How KFSensor works
KFSensor is easy to install and configure. It takes just five minutes to set up and become operational. No special hardware is required and its efficient design enables it to run even on low specification Windows machines.

Its straightforward Windows interface controls all functionality. There is no need to edit complex configuration files and it comes pre-configured with all the major systems services required.

KFSensor works by simulating systems services at the highest level of the OSI Network Model - the application layer. This enables it to make full use of Windows security mechanisms and networks libraries, reducing the risk of detection and compromise by not introducing additional drivers and custom IP stacks. A machine running KFSensor can be treated as just another server on the network, without the need to make complex changes to routers and firewalls.

KFSensor provides immediate benefits in revealing the nature and quantity of attacks on a network. By consolidating all the network traffic of an attack into a single alert KFSensor makes it easy to explain a security threat to non-specialist staff.

The information KFSensor generates can be used to refine firewall rules and produce new signatures for network intrusion detection systems.

KFSensor is an extremely cost effective way of enhancing network security infrastructure