[Snort-users] Active Response System (ARS)

Ron Jenkins rjenkins at ...13980...
Mon Jun 27 14:35:39 EDT 2011


Hello all

I wanted to introduce a new product that may be of interest to some in the area of Intrusion Detection and Intrusion Prevention; http://www.rmjars.com.

Below is a small description.


Active Response System (ARS) has been designed for the purpose of perimeter protection in defense of stopping outside attacks, probing, scans and general unwanted traffic. It has been designed to worked directly with Cisco's Adaptive Security Appliance (ASA) firewalls, but can be modified to adapt to Cisco routers, switches and possible other 3rd party vendors.

IP addresses / subnets are submitted via the console interface to be queued in the database or can be passed directly to the ARS agent by outside means of a 3rd party product; such as with Aanval's snort & Syslog Intrusion Detection, Correlation and Threat Management product; http://www.aanval.com.

Once the background processor detects an IP address / subnet in the queue, it is checked against the database to see if it has already been blocked or if it is listed in the IP Block Prevention Filter. If it is not in the database or the IP Block Prevention filter, it checks to verify that the firewall is responding and then makes an SSH connection to the firewall to the post the IP address / subnet.

This product has proven to be a valuable addition to companies whom have a security posture on their network in defense of the network perimeter. When used in conjunction with an Intrusion Detection solution, it has been found to be a extremely powerful addition


Thank you


Ron Jenkins (SnortCP, VCP (3/4), MCNE, CNE6, MCP,CCNA)
RMJ Consulting, LLC. "Bringing Companies and Solutions Together"
Makers of Active Response System(ARS) 'A Security Perimeter Defense System'
Owner / Senior Architect
Physical Address
11715 Bricksome Ave STE B-7
Baton Rouge, LA 70816
Mail Address
7575 Jefferson Hwy #103
Baton Rouge, LA 70806
Office. 225-448-5214
Fax. 225-448-5324
Cell. 225-931-1632
Email. rjenkins at ...13980...<mailto:rjenkins at ...13980...>
Web. http://www.rmjconsulting.net<http://www.rmjconsulting.net/>
ARS Web. http://www.rmjars.com
Linkedin.  http://www.linkedin.com/in/ronmjenkins

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110627/9a6adb06/attachment.html>


More information about the Snort-users mailing list