Kerio Control is a “Unified Threat Management” solution which transparently monitors inbound and outbound network communication to identify suspicious activity.
It utilises a signature-based packet analysis architecture called “Intrusion Detection and Prevention System (IPS)”. Network behaviour “signatures” are basically attack patterns that are preconfigured and predetermined. Kerio Control has a database of signatures and monitors the network traffic for matches to identify known types of attacks such as worm or server-based attacks, password guessing or brute force, distributed denial of service, port scans or session hijacking.
IPS is also effective at identifying systems that are infected by Trojans, Spyware and other Malware that may not be identified by Anti-Virus software, as they can piggyback on an application and appear to be legitimately installed. IPS offers three different actions, which may be adjusted based on the needs of an organisation. These actions, by default, occur as follows, depending on the severity of the potential attack:
At the core of its scanning technology, Kerio Control integrates a packet analyser based on “Snort”. Snort is an Open Source IDS/IPS system that transparently scans all network communication, and provides a framework for incorporating custom rules.
In addition to a rules database comprised of network behaviour signatures, Kerio Control maintains a database of IP Addresses, which are explicitly denied any type of access through the firewall. The IP Addresses included in this database are known to be the origin of some form of attack.
Intrusion Prevention is a highly sophisticated technology, based on a large set of varying rules. Every network is unique, and a so-called “intrusion” may be subject to interpretation. The IPS built into Kerio Control is designed to identify and block attacks as accurately as possible, while maintaining an optimal level of network performance.
Correct Solutions is now Kerio Certified for the Kerio Control software and will be implementing it into network designs where suitable.