NetPatrol Setup? 2.0

Technical support forum for Qbik NetPatrol - our new Intrusion Detection System.

Moderator: Qbik Staff


Post by mcb » Nov 06 04 5:37 am

I got the MSI to dl, so I have the help file. But it still doesn't really tell me how to get started from the ground up. I still don't even really know what NetPatrol is good for. I have tried to do what I have gleaned from the forum, but don't really know if it is having any effect.

Let me restate, I basically want something that can tell me, "Hey, someone is in here that isn't supposed to be!"

I also have a question about location. Thank you for the diagram, for that sheds a little more light on it. But is the best location to have NetPatrol on the Wingate machine to get an accurate picture of network traffic? If not, what is the best locale for NetPatrol?

I apologize for my incessant questions, but I can't buy something I can't get to work.

Thanks,

Matt
mcb
 
Posts: 41
Joined: Aug 07 04 7:36 am
Location: NE Tennessee

Post by genie » Nov 06 04 2:02 pm

Hi, Matt

Don't hesitate to ask questions, questions are good!

First off, NetPatrol is NOT a firewall! It's a product that analyzes traffic, trying to figure out whether some of the connections can pose some danger to the protected network. It also has the ability to command the Wingate server to ban an IP address or a range of them. On our network NP has already helped us discover some worms that proliferated into our network. It also keeps track of DNS flood attempts, locking the intruders out for a certain period of time, etc.

Location... Well, it depends, frankly. To start with, NP is quite CPU-hungry - it has to predict the patterns of traffic statistics, text patterns, etc., so if you have heavy traffic through your WG machine it clearly slows it down. Secondly, positioning the IDS system on a gateway machine makes it twice as vulnerable. What we did locally was make a read-only link from our external hub which feeds external traffic to NP without it being able to send data outside. If a threat is detected, NP locks out the offending IP address for some time. So if you have the resources, this is probably the best location - parallel to your external line.

Let me know if you need further assistance - I'll be glad to help.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am
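
The reply above describes tracking DNS flood attempts and locking the source out for a period of time. The following is an added example, not NetPatrol's code or its detection logic, sketching that pattern as a sliding-window counter with a timed lockout; the thresholds, class and function names, and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10    # assumed sliding window, in seconds
THRESHOLD = 5    # assumed max DNS queries per source inside one window
BAN_S = 60       # assumed lockout duration, in seconds

class FloodMonitor:
    """Hypothetical per-source rate tracker with temporary lockout."""
    def __init__(self, window=WINDOW_S, threshold=THRESHOLD, ban=BAN_S):
        self.window, self.threshold, self.ban = window, threshold, ban
        self.seen = defaultdict(deque)   # src -> timestamps of recent queries
        self.banned_until = {}           # src -> time the lockout expires

    def is_banned(self, src, now):
        until = self.banned_until.get(src)
        if until is not None and now >= until:
            del self.banned_until[src]   # lockout has expired
            return False
        return until is not None

    def observe(self, ts, src):
        """Feed one observed DNS query; return 'ok', 'ban' or 'banned'."""
        if self.is_banned(src, ts):
            return "banned"              # already locked out, nothing new to do
        q = self.seen[src]
        q.append(ts)
        while q and q[0] <= ts - self.window:
            q.popleft()                  # drop queries older than the window
        if len(q) > self.threshold:
            self.banned_until[src] = ts + self.ban
            q.clear()                    # start fresh once the lockout ends
            return "ban"                 # point where a gateway ban would be requested
        return "ok"

# Constructed sample events (timestamp_seconds, source_ip), documentation ranges.
SAMPLE = [(t, "192.0.2.10") for t in (0, 1, 2, 3, 4, 5, 6)] + \
         [(3, "198.51.100.7"), (30, "198.51.100.7"), (70, "192.0.2.10")]

def run(events):
    mon = FloodMonitor()
    return [(ts, src, mon.observe(ts, src)) for ts, src in sorted(events)]

if __name__ == "__main__":
    for row in run(SAMPLE):
        print(row)
```

The monitor only reads events and returns a decision, which matches a sensor fed from a read-only link; issuing the actual ban to the gateway is left out.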

