The use of intrusion prevention system to increase computer security / Najib Limun

Network intrusion prevention systems provide an important proactive defense capability against security threats by detecting and blocking network attacks. This task can be highly complex and traditional firewall system are currently not capable of handling fast attack through the operating system. The problems arise when many exploits attempt to take advantage of weaknesses in every protocols that are allowed through our perimeter firewalls, and once the Web server has been compromised, this can often be used as a springboard to launch additional attacks on other internal services. Once a “rootkit” or “back door” has been installed on a computer, the hacker has ensured that he will have unfettered access to that machine at any point in the future. Thus, iptables also called as Netfilter can also be implement as an intrusion prevention system. Iptables works by filtering the traffic flow between your computer and the Internet. It can limit access to and from the Internet to only specific computers on your network. It can also limit the type of communication, selectively permitting or denying various Internet services. Hence, to harden the iptables rule, another tool need to be apply to work with the iptables rule script. The psad tool is good in implementing some additional feature like an e-mail alert and logfile analysis