Provides intrusion detection, forensic evidence gathering, website monitoring and system recovery capabilities on Windows 2000/XP servers & workstations
London, UK, 12 December 2002 - Knowledge, reputation and customers take years of hard work to acquire - but can all be lost in minutes. That's as long as it takes for a malicious attacker or discontented employee to plant a Trojan that can undo years of hard work. Seeing an attack as it happens, stopping its progress, recovering any lost files, and discovering the cause are essential conditions for business continuity in the connected world. Now all this can be achieved with GFI's new freeware intrusion detection system, GFI LANguard System Integrity Monitor (S.I.M.).
Monitors important system files for changes
Like all good ideas, the underlying concept is simple, while the implementation is elegant. For an intruder to leave a Trojan that is not immediately apparent, he or she needs to modify existing files; for a malcontent employee to cause damage, he or she needs to change or destroy files. GFI LANguard S.I.M. runs as a service and monitors important system files. If anything happens to them, it immediately sends an alert to an administrator.
GFI LANguard S.I.M. works by generating a checksum for the important files. This is done with MD5, an industry standard one-way hash algorithm developed by one of the world's greatest cryptographers (Ronald Rivest, the 'R' in 'RSA'). The resulting checksum is then stored in a GFI LANguard S.I.M. database. At predetermined intervals a new checksum is generated and compared to the one stored in the database. If it differs, this means that the file has changed and is therefore suspect. An email alert is immediately sent to an administrator.
The effect is that system files cannot be infected by Trojans or viruses without the administrator immediately knowing about it - even where the culprit is new malware that cannot yet be detected by traditional anti-virus applications. The administrator is in a position to take immediate action. He or she will be told about all infected/modified files throughout the LAN, and will consequently be able to disinfect the system thoroughly without fear of re-infection from missed files.
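The baseline-and-compare cycle described above, as an added Python example (not GFI's code): it stores one checksum per monitored file, re-hashes on each scan, and reports modified and deleted files, including a same-size in-place edit. The function names and the sample files are constructed for illustration; MD5 is the default because the release names it, and the algorithm is a parameter so a collision-resistant hash such as SHA-256 can be substituted.

```python
import hashlib
import os
import tempfile

def file_digest(path, algorithm="md5"):
    """Hash a file in chunks so large files are never loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths, algorithm="md5"):
    """Record one checksum per monitored file (the stored 'database')."""
    return {p: file_digest(p, algorithm) for p in paths}

def scan(baseline, algorithm="md5"):
    """Re-hash each baselined file; return (path, status) for every change."""
    findings = []
    for path, known in sorted(baseline.items()):
        if not os.path.isfile(path):
            findings.append((path, "deleted"))
        elif file_digest(path, algorithm) != known:
            findings.append((path, "modified"))
    return findings

def demo():
    """Constructed sample files standing in for monitored system files."""
    with tempfile.TemporaryDirectory() as root:
        paths = {}
        for name in ("boot.ini", "hosts", "service.exe"):
            paths[name] = os.path.join(root, name)
            with open(paths[name], "wb") as f:
                f.write(b"original contents of " + name.encode())
        baseline = build_baseline(paths.values())
        clean = scan(baseline)                  # nothing has changed yet
        with open(paths["hosts"], "r+b") as f:  # in-place edit, size unchanged
            f.write(b"ORIGINAL")
        os.remove(paths["service.exe"])
        changed = [(os.path.basename(p), s) for p, s in scan(baseline)]
        return clean, changed

if __name__ == "__main__":
    print(demo())
```

A scheduled job would call `scan` at each interval and pass any findings to the alerting channel; the baseline itself needs to be stored where the monitored account cannot rewrite it.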
The sequence of events is also securely logged to the GFI LANguard S.I.M. event log, which can be viewed from the Windows Event Log Viewer, meaning that:
- it is relatively easy to restore the system to full health (because the administrator knows which files have been affected);
- the administrator can build evidence against the perpetrator (which is particularly useful when the culprit is an insider); and
- administrators can get an insight into any external hacker's true intentions.
"It is essential for administrators to know when important system files have been modified or deleted, but to date this information has been extremely cumbersome to attain. Using GFI LANguard S.I.M., administrators now have a simple but effective way to receive notifications about such changes as they occur," said André Muscat, GFI LANguard S.I.M. product manager.
Integration with GFI LANguard S.E.L.M.
GFI LANguard S.I.M. integrates with GFI LANguard Security Event Log Monitor (S.E.L.M.), GFI's host-based intrusion detection system designed to monitor Windows-based networks for security breaches in real time. GFI LANguard S.E.L.M. continuously scans the security event logs of all Windows NT/2000/XP machines on a network. If it detects an anomalous event such as a non-authorized user accessing a restricted file, it sends out real-time alerts to the system administrators, allowing immediate attention to potential attacks and intrusions as they occur.
When used in tandem with the workstation-based GFI LANguard S.I.M., a particular strength is in its consolidation and reporting capabilities. Since a high percentage of malicious attacks stem from insiders, GFI LANguard S.E.L.M. can correlate the data provided by GFI LANguard S.I.M. to highlight suspicious behavior, failed logons, and unauthorized attempted object accesses or replacements. Such behavioral patterns can be used to identify potential insider problems before they cause serious damage.
More GFI LANguard S.I.M. features
GFI LANguard S.I.M. also includes these features:
- Multiple scan jobs allowing administrators to monitor different types of files at different intervals.
- Email alerts can be sent to different people for different scan jobs.
- Scans website pages for changes, and can detect web vandalism immediately.
- Tamperproof - it logs file changes to the GFI LANguard S.I.M. Event Log.
More information and a free copy of the product are available at http://www.gfi.com/lansim/index.html.
About GFI
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. Founded in 1992, GFI has offices in Malta, London, Raleigh, Hong Kong, and Adelaide which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners throughout the world. GFI is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.
All product and company names herein may be trademarks of their respective owners.