How does the Intrusion Prevention System (HIPS) work? The IPS system is a modern tool for creating electronic archives, document management systems, PDM and PLM

Intrusion prevention systems (IPS systems).
Protecting your computer from unauthorized access.

Intrusion prevention systems are active information security tools that not only detect intrusions and security breaches but also protect against them. The abbreviation IPS (Intrusion Prevention System) is traditionally used for such systems. IPS systems are an improved version of intrusion detection systems that add automatic protection against cyber threats. Intrusion prevention systems are capable of detecting malicious activity, alerting the administrator, blocking suspicious processes, and breaking or blocking the network connection through which an attack on data storage or services is being carried out. An IPS can also reassemble fragmented packets and reorder TCP segments to protect against packets with altered SEQ and ACK numbers.


The most widespread type of intrusion prevention system today is HIPS (Host-based Intrusion Prevention System, i.e. intrusion prevention at the host level). HIPS technology is the basis of many security products and systems; in addition, traditional anti-malware tools such as antivirus programs have begun to incorporate elements of HIPS protection.


If we talk about the advantages of HIPS-type intrusion prevention systems, the main one is undoubtedly the exceptionally high level of protection. Information security experts agree that HIPS systems can provide almost 100% protection against any malware, even the latest, as well as against any attempt at unauthorized access to confidential information. This is protection that fully performs its main function: to protect. No traditional information security tool can boast such a level of protection.


HIPS tools and techniques are at the core of SafenSoft's information security capabilities. Our products combine all the benefits of intrusion prevention systems and traditional security solutions. SoftControl proactive protection prevents any attempt at unauthorized access to the data and software environment of home PCs (SysWatch Personal and SysWatch Deluxe products), corporate network workstations (Enterprise Suite), ATMs and payment terminals (TPSecure and TPSecure Teller). Our patented V.I.P.O.® application control technology combines 3 layers of protection: it controls all running applications, uses a dynamic sandbox to run suspicious processes, and controls application access to the file system, registry keys, external devices and network resources. SoftControl solutions are able to work in parallel with antivirus packages, providing complete protection of the computer's software environment. When working on a local network, SoftControl products offer convenient centralized management and a system for notifying the administrator about threats. Unlike traditional security tools, SoftControl solutions do not require constant updates of signature databases.

Modern electronic devices are almost universal. For example, a smartphone handles not only calls (receiving and making them) but also browsing the Internet, listening to music, watching videos and reading books. A tablet is suitable for the same tasks. The screen is one of the most important parts of such electronics, especially if it is touch-sensitive and serves not only to display content but also for control. Let's get acquainted with the characteristics of displays and the technologies used to create them, paying special attention to what an IPS screen is, what kind of technology it is, and what its advantages are.

How does an LCD screen work?

First of all, let's figure out what a modern display is made of. Firstly, there is an active matrix, consisting of thin-film transistors, which form the image. Secondly, there is a layer of liquid crystals; combined with color filters, they create the R, G and B subpixels. Thirdly, there is the screen backlight system, which makes the image visible; it can be fluorescent or LED.

Features of IPS technology

Strictly speaking, an IPS matrix is a type of TFT technology used to create LCD screens, while "TFT" on its own often refers to monitors made using the TN-TFT method, so the two can be compared. To understand the intricacies of choosing electronics, let's figure out what IPS screen technology is and what this concept means. The main thing that distinguishes these displays from TN-TFT is the arrangement of the liquid crystals. In TN-TFT they are arranged in a spiral, twisted through ninety degrees between the two plates. In IPS (which interests us most), the matrix consists of thin-film transistors, and the crystals lie in the plane of the screen parallel to each other; without voltage applied to them, they do not turn. In TFT, each transistor controls one point of the screen.

The difference between IPS and TN-TFT

Let's take a closer look at IPS and what it is. Monitors created using this technology have many advantages. First of all, excellent color rendition: the entire range of shades is bright and realistic. Thanks to the wide viewing angle, the image does not fade, no matter from which point you look at it. Such monitors have higher, clearer contrast because blacks are reproduced almost perfectly. The IPS screen type also has disadvantages: first of all, high energy consumption, which is a significant drawback. In addition, devices equipped with such screens are expensive, since their production is costly. TN-TFT, accordingly, has diametrically opposed characteristics. It has a smaller viewing angle, and when the point of view changes, the image is distorted. Such screens are not very convenient to use in the sun: the picture gets dark and glare interferes. However, they have a fast response, consume less energy and are affordable, which is why they are installed in budget electronics models. Thus, we can conclude in which cases an IPS screen is suitable: it is a great thing for lovers of cinema, photography and video. However, due to its slower response, it is not recommended for fans of dynamic computer games.

Developments of leading companies

The IPS technology itself was created by the Japanese company Hitachi together with NEC. What was new in it was the arrangement of the liquid crystals: not in a spiral (as in TN-TFT), but parallel to each other and along the plane of the screen. As a result, such a monitor produces colors that are brighter and more saturated, and the image is visible even in direct sunlight. The viewing angle of an IPS matrix is one hundred and seventy-eight degrees: you can look at the screen from any point (below, above, right, left) and the picture remains clear. Popular tablets with IPS screens are produced by Apple; they are built on an IPS Retina matrix with an increased pixel density per inch. As a result, the image on the display is grain-free and colors are rendered smoothly. According to the developers, the human eye does not notice individual pixels at densities above 300 ppi. Nowadays, devices with IPS displays are becoming more affordable, and budget electronics models are beginning to be equipped with them. New types of matrices are also being created, for example MVA/PVA, which have a fast response, wide viewing angles and excellent color rendition.

Devices with multi-touch screen

Recently, electronic devices with touch controls have gained great popularity, and not just smartphones: laptops and tablets are produced with an IPS touch screen that is used to manage files and images. Such devices are indispensable for working with videos and photographs. Depending on the type, there are compact and full-format devices. A multi-touch screen is capable of recognizing ten touches simultaneously, that is, you can work on such a monitor with both hands at once. Small mobile devices, such as seven-inch tablets or smartphones, recognize five touches, which is quite enough for a small IPS screen. Many buyers of compact devices have found this very convenient.

In this article, you will learn some of the commonly known and little known characteristics of attack prevention systems.

What is an attack prevention system

Attack prevention systems (Intrusion Prevention Systems, or IPS for short) are a development of attack detection systems (Intrusion Detection Systems, or IDS for short). Initially, an IDS only detected threats by listening to traffic on the network and on hosts, and then sent alerts to the administrator in various ways. An IPS blocks attacks at the moment they are detected, although it can also work in IDS mode, only notifying about problems.

Sometimes IPS functionality is understood as the joint operation of an IDS and a firewall in one device. This is often because some IPS have built-in rules for blocking packets based on source and destination addresses. However, this is not a firewall. In a firewall, blocking traffic depends entirely on your ability to configure rules; in an IPS, it depends on the ability of the manufacturer's programmers to write error-free algorithms for finding attacks in the traffic moving through the network. There is one more "similarity": the firewall technology known as stateful inspection is very similar to one of the technologies used in an IPS to determine whether different connections belong to the same network protocol, which there is called port following. There are many more differences; for example, a firewall cannot detect the tunneling of one protocol inside another, but an IPS can.

Another difference in how an IPS and a firewall are designed is what happens when the device fails: the IPS must PASS traffic through (fail open), while the firewall must BLOCK traffic (fail closed). To operate in this mode, a so-called bypass module is built into the IPS. Thanks to it, even if you accidentally turn off the IPS power, traffic will flow freely through the device. Sometimes an IPS is also configured to block traffic when it fails, but these are special cases, most often used when two devices are deployed in High Availability mode.
An IPS is a much more complex device than a firewall. It is used against threats that the latter cannot cope with. An IPS contains the concentrated knowledge of a huge number of security specialists who have identified attacks, found their patterns and then programmed that knowledge into rules for analyzing the content moving across the network.

In corporate networks, IPS are part of a multi-layered defense because they are integrated with other security tools: firewalls, security scanners, incident management systems and even antiviruses. As a result, for each attack it is now possible not only to identify it and then notify the administrator or block it, but also to conduct a full analysis of the incident: collect the packets coming from the attacker, initiate an investigation, and eliminate the vulnerability by patching the affected software.

In combination with a proper security management system, it becomes possible to control the actions of the network administrator himself, who must not only eliminate the vulnerability, for example by installing a patch, but also report to the system on the work done. This, in general, is what gave the operation of such systems tangible meaning: what is the point of talking about problems on the network if no one reacts to them and no one is responsible for them? Everyone knows this eternal problem: the one who suffers losses from a disruption of the computer system and the one who protects this system are different people, unless we consider an extreme case such as a home computer connected to the Internet.

Traffic delays

On the one hand, it is good that it is possible not only to receive information about an ongoing attack, but also to block it with the device itself. On the other hand, an attack prevention system then has to be installed inline, so that all network traffic passes directly through the security device rather than being mirrored to a SPAN port of the switch, and this inevitably introduces delays in the passage of packets through the network. In the case of VoIP this is critical, although if you are going to protect against attacks on VoIP, there is no other way to do it.

Thus, one of the characteristics by which you need to evaluate an attack prevention system when purchasing it is the amount of network latency that such systems inevitably introduce. As a rule, this information can be obtained from the manufacturer itself, but you can also read the research of independent testing laboratories such as NSS. Trusting the manufacturer is one thing; checking for yourself is another.

Number of false positives

The second characteristic you need to look at is the number of false positives. Just as spam annoys us, false positives have the same effect on security administrators. In the end, administrators, in order to protect their sanity, simply stop responding to all messages from the system, and purchasing it becomes a waste of money. A typical example of a system with a huge number of false positives is Snort. To configure this system more or less adequately for the threats in your network, you need to spend a lot of time.

Some attack detection and prevention systems have built-in correlation methods that rank detected attacks by severity using information from other sources, such as a security scanner. For example, if a security scanner has seen that a computer is running Sun Solaris and Oracle, then we can say with one hundred percent certainty that a Slammer worm attack (which targets MS SQL) will not work on this server. Such correlation systems therefore mark some of the attacks as failed, which greatly eases the administrator's work.
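The asset correlation described above, as an added example that is not code from any IPS product: alerts are checked against what a scanner reports about the target, and those that cannot succeed are marked failed and ranked last. The inventory, the alert fields and the Slammer alert shape are constructed assumptions for this example.

```python
"""Constructed example: ranking IPS alerts with asset data from a security scanner."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    ip: str
    os: str
    services: tuple  # ((port, product), ...) as a security scanner would report them


@dataclass(frozen=True)
class Alert:
    name: str
    dst_ip: str
    dst_port: int
    target_os: frozenset  # OS families the exploited vulnerability exists on
    target_product: str   # product containing the exploited vulnerability


# Constructed scanner inventory; addresses and software are placeholders, not real hosts.
INVENTORY = {
    "10.0.0.5": Asset("10.0.0.5", "Solaris", ((1521, "Oracle Database"),)),
    "10.0.0.7": Asset("10.0.0.7", "Windows", ((1434, "MS SQL Server"),)),
}


def slammer_alert(dst_ip):
    """The article's example: Slammer exploits MS SQL Server on Windows via UDP port 1434."""
    return Alert("Slammer worm", dst_ip, 1434, frozenset({"Windows"}), "MS SQL Server")


def correlate(alert, inventory):
    """Return (verdict, reason).

    'failed'    - scanner data rules the attack out (wrong OS or product on the target port)
    'confirmed' - the vulnerable product really listens on the targeted port
    'unknown'   - the target was never scanned, so the original severity is kept
    """
    asset = inventory.get(alert.dst_ip)
    if asset is None:
        return "unknown", "target not in scanner inventory; keep original severity"
    if asset.os not in alert.target_os:
        needed = "/".join(sorted(alert.target_os))
        return "failed", f"target runs {asset.os}, exploit needs {needed}"
    product = dict(asset.services).get(alert.dst_port)
    if product != alert.target_product:
        return "failed", f"port {alert.dst_port} serves {product or 'nothing'}, not {alert.target_product}"
    return "confirmed", f"{alert.target_product} listens on port {alert.dst_port}"


# Lower number = shown to the administrator first.
PRIORITY = {"confirmed": 0, "unknown": 1, "failed": 2}


def triage(alerts, inventory):
    """Rank alerts so confirmed attacks come first and ruled-out ones last."""
    ranked = [(alert, *correlate(alert, inventory)) for alert in alerts]
    return sorted(ranked, key=lambda row: PRIORITY[row[1]])


if __name__ == "__main__":
    for alert, verdict, reason in triage(
        [slammer_alert(ip) for ip in ("10.0.0.5", "10.0.0.9", "10.0.0.7")], INVENTORY
    ):
        print(f"{alert.name} -> {alert.dst_ip}: {verdict} ({reason})")
```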

Modernity of protective technologies

The third characteristic is the methods for detecting (and at the same time blocking) attacks and the ability to tune them to the requirements of your network. There are two fundamentally different approaches: signature-based IPS look for attacks based on previously found exploits, and protocol-analysis IPS look for attacks based on knowledge of previously found vulnerabilities. If someone writes a new exploit for the same vulnerability, an IPS of the first class will not detect or block it, but an IPS of the second class will. IPS of the second class are much more effective because they block entire classes of attacks: one manufacturer needs 100 signatures to detect all variants of the same attack, while another needs only one rule that analyzes the vulnerability in the protocol or data format used by all these variants. Recently the term "preventive protection" has appeared. It covers the ability to protect against attacks that are not yet known, and against attacks that are already known but for which the manufacturer has not yet released a patch. In general, the word "preventive" is just another Americanism. There is a more Russian term, "timely": protection that works before we are hacked or infected, not after. Such technologies already exist and must be used. When purchasing, ask the manufacturer what preventive protection technologies they use, and you will understand everything.

Unfortunately, there are no systems yet that simultaneously use the two well-known attack analysis methods: protocol analysis (or signature analysis) and behavioral analysis. Therefore, for complete protection, you will have to install at least two devices on the network. One device will search for exploitation of vulnerabilities using signatures and protocol analysis; the other will use statistical and analytical methods to find anomalies in the behavior of network flows. Signature-based methods are still used in many attack detection and prevention systems, but unfortunately they are no longer justified. They do not provide proactive protection, because an exploit is required before a signature can be released. Why do you need a signature if you have already been attacked and the network has already been compromised? Signature antiviruses cannot cope with new viruses for the same reason: the protection is reactive. Therefore, the most advanced attack analysis method today is full protocol analysis. The idea of this method is that it is not a specific attack that is analyzed; instead, a sign that the attacker is exploiting a vulnerability is looked for in the protocol itself. For example, the system can track whether, before a TCP attack packet, there was the three-packet exchange that establishes a TCP connection (packets with the SYN, SYN+ACK and ACK flags). If a connection must be established before the attack can be carried out, the protocol analysis system will check whether there was one, and if an attack packet is sent without an established connection, it will conclude that the attack was unsuccessful because there was no connection. A signature system, however, will raise a false positive, since it has no such functionality.
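The handshake check described above, as an added example that is not code from any IPS: a pure signature matcher alerts on every packet carrying a pattern, while a connection-aware engine only reports an attack when the three-way handshake for that 4-tuple was seen. The packet model, the placeholder pattern and the trace are constructed assumptions for this example.

```python
"""Constructed example: signature matching versus protocol-state analysis of TCP traffic."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset
    payload: bytes = b""


# Placeholder standing in for an exploit signature; not a real exploit string.
ATTACK_PATTERN = b"EXPLOIT-MARKER"


def signature_alerts(packets):
    """Signature engine: alert on every packet whose payload contains the pattern."""
    return [i for i, p in enumerate(packets) if ATTACK_PATTERN in p.payload]


class ConnectionTracker:
    """Follows the TCP three-way handshake (SYN, SYN+ACK, ACK) per client/server 4-tuple."""

    def __init__(self):
        self.state = {}

    @staticmethod
    def _key(p, reverse=False):
        # Keys are always oriented client -> server so both directions map to one entry.
        return (p.dst, p.dport, p.src, p.sport) if reverse else (p.src, p.sport, p.dst, p.dport)

    def observe(self, p):
        if p.flags == {"SYN"}:
            self.state[self._key(p)] = "SYN_SENT"
        elif p.flags == {"SYN", "ACK"}:
            k = self._key(p, reverse=True)
            if self.state.get(k) == "SYN_SENT":
                self.state[k] = "SYN_RECEIVED"
        elif "ACK" in p.flags:
            k = self._key(p)
            if self.state.get(k) == "SYN_RECEIVED":
                self.state[k] = "ESTABLISHED"

    def established(self, p):
        return "ESTABLISHED" in (self.state.get(self._key(p)), self.state.get(self._key(p, True)))


def protocol_alerts(packets):
    """Protocol-analysis engine: the pattern only counts as an attack when carried by a
    connection whose handshake was observed; otherwise the attempt is reported as failed."""
    tracker = ConnectionTracker()
    verdicts = []
    for i, p in enumerate(packets):
        tracker.observe(p)
        if ATTACK_PATTERN in p.payload:
            verdict = "attack" if tracker.established(p) else "failed: no established connection"
            verdicts.append((i, verdict))
    return verdicts


# Constructed trace: a real connection that carries the pattern, followed by a stray packet
# carrying the same bytes for a 4-tuple that never completed a handshake.
SAMPLE_TRACE = [
    Packet("192.0.2.10", "203.0.113.5", 40000, 80, frozenset({"SYN"})),
    Packet("203.0.113.5", "192.0.2.10", 80, 40000, frozenset({"SYN", "ACK"})),
    Packet("192.0.2.10", "203.0.113.5", 40000, 80, frozenset({"ACK"})),
    Packet("192.0.2.10", "203.0.113.5", 40000, 80, frozenset({"ACK", "PSH"}), b"GET /?q=" + ATTACK_PATTERN),
    Packet("198.51.100.9", "203.0.113.5", 51515, 80, frozenset({"ACK", "PSH"}), ATTACK_PATTERN),
]

if __name__ == "__main__":
    print("signature engine alerts on packets:", signature_alerts(SAMPLE_TRACE))
    print("protocol-analysis verdicts:", protocol_alerts(SAMPLE_TRACE))
```

The signature engine reports both packets 3 and 4; the connection-aware engine reports packet 3 as an attack and packet 4 as a failed attempt, which is the false positive the article describes.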

Behavioral systems work completely differently. They observe network traffic for a period (for example, about a week) and remember which network flows normally occur. As soon as traffic appears that does not match the remembered behavior, it is clear that something new is happening on the network, for example the spread of a new worm. In addition, such systems are connected to an update center and, once an hour or more often, receive new behavior rules for worms and other updates, for example lists of phishing sites, which allows them to block those sites immediately, or lists of botnet command-and-control hosts, which allows them to detect an infected host as soon as it tries to connect to the botnet control center, and so on.

Even the appearance of a new host on the network is an important event for a behavioral system: you need to find out what kind of host it is, what is installed on it, whether it has vulnerabilities, or whether the new host itself is an attacker. For providers, such behavioral systems are important because they allow them to track changes in traffic flows. It is important for a provider to ensure the speed and reliability of packet delivery, and if it suddenly turns out in the morning that all the traffic goes through one channel and does not fit into it, while several other channels to the Internet through other providers are idle, this means that somewhere the settings have gone wrong and it is time to start balancing and redistributing the load.
For the owner of a small network, it is important that there are no attackers inside, that the network is not blacklisted by spam filters, and that attackers do not clog the entire Internet channel with garbage. After all, you pay the provider for the Internet channel and the traffic, and every company director would like to promptly detect and stop wasting money on traffic that is useless for the business.
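The baseline-and-deviation logic of the two paragraphs above, as an added example that is not code from any product: flows seen during a learning period become the baseline, and the detector then reports hosts never seen before, flows never seen before, and a host that suddenly opens many new flows to distinct peers on one port (the worm-spread pattern). The flow records and the fan-out threshold are constructed assumptions.

```python
"""Constructed example: a minimal behavioral (anomaly) detector over network flow records."""
from collections import defaultdict

# (src, dst, dst_port) tuples as a flow collector might export them; constructed for this example.
BASELINE_FLOWS = [
    ("10.1.0.11", "10.1.0.2", 445), ("10.1.0.12", "10.1.0.2", 445),
    ("10.1.0.11", "10.1.0.3", 80),  ("10.1.0.12", "10.1.0.3", 80),
    ("10.1.0.13", "10.1.0.3", 80),  ("10.1.0.13", "10.1.0.2", 445),
]

# Constructed detection window: one normal flow, an unknown host, and a workstation that
# starts contacting its peers on port 445, which the baseline never showed.
NEW_FLOWS = [
    ("10.1.0.11", "10.1.0.2", 445),
    ("10.1.0.99", "10.1.0.3", 80),
    ("10.1.0.12", "10.1.0.11", 445),
    ("10.1.0.12", "10.1.0.13", 445),
    ("10.1.0.12", "10.1.0.14", 445),
]


def learn_baseline(flows):
    """Remember every flow and every host observed during the learning period."""
    known_flows = frozenset(flows)
    known_hosts = frozenset(host for flow in flows for host in flow[:2])
    return known_flows, known_hosts


def detect(baseline, flows, fan_out_threshold=3):
    """Compare a window of flows against the baseline and return anomaly events.

    Event shapes:
      ("new_host", host)                     host never seen during learning
      ("new_flow", (src, dst, port))         flow never seen during learning
      ("fan_out", src, port, n_new_targets)  src opened >= threshold new flows on one port
    """
    known_flows, known_hosts = baseline
    seen_hosts = set(known_hosts)          # local copy so the baseline stays untouched
    events = []
    new_targets = defaultdict(set)         # (src, port) -> distinct new destinations
    for src, dst, port in flows:
        for host in (src, dst):
            if host not in seen_hosts:
                events.append(("new_host", host))
                seen_hosts.add(host)       # report each new host only once
        if (src, dst, port) not in known_flows:
            events.append(("new_flow", (src, dst, port)))
            new_targets[(src, port)].add(dst)
    # A single source reaching many previously unseen peers on one port is the worm pattern.
    for (src, port), dsts in new_targets.items():
        if len(dsts) >= fan_out_threshold:
            events.append(("fan_out", src, port, len(dsts)))
    return events


if __name__ == "__main__":
    for event in detect(learn_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(event)
```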

Analyzed protocols and data formats

If we are talking about technical specialists who are deciding which attack prevention system to choose, they should ask about the specific protocols the system analyzes. Perhaps you are interested in something specific: for example, analyzing attacks in JavaScript, repelling SQL injection attempts or DDoS attacks; or you have a SCADA (supervisory control and data acquisition) system and need the protocols of your specialized system analyzed; or it is critical for you to protect VoIP protocols, which already have implementation vulnerabilities due to their complexity.
In addition, not everyone knows that IPS events are not only of the "attack" type; there are also "audit" and "status" types. For example, an IPS can catch ICQ connections and all ICQ messages. If your security policy prohibits ICQ, its use is an attack. If not, you can simply track all connections and who communicates with whom, or just disable this signature if you consider it inaccurate.

Specialists

The question arises: where can we find specialists who understand what needs to be bought, who will then know how to react to each message from the attack prevention system, and who will even be able to configure it? You can of course take courses on managing such a system, but in reality a person must first understand network protocols, then network attacks, and only then response methods, and there are no such courses; this requires experience. There are companies that offer outsourced management and analysis of the messages received from security system consoles. They have employed for many years specialists with a deep understanding of Internet security, and they provide effective protection, while you in turn get rid of the headache of finding personnel who understand the whole variety of available protection tools, from VPN to antiviruses. In addition, outsourcing involves round-the-clock monitoring, seven days a week, so protection becomes complete. A specialist you hire yourself usually works only from Monday to Friday from 9 to 18, and sometimes gets sick, studies, goes to conferences, goes on business trips, and sometimes unexpectedly quits.

Product support

It is important to emphasize the manufacturer's support of its IPS products. Unfortunately, updates to algorithms, signatures and rules are still necessary, since technologies and attackers do not stand still, and new classes of vulnerabilities in new technologies constantly need to be closed. Several thousand vulnerabilities are found every year, and your software and hardware surely contain several of them. How did you find out about the vulnerabilities in them, and how did you protect yourself afterwards? The relevance of the protection must be monitored constantly. Therefore, an important component is ongoing support for the security tools to which you have entrusted the security of your company: the presence of a professional team that constantly monitors new vulnerabilities, writes new checks in a timely manner, and itself looks for vulnerabilities in order to stay ahead of attackers. So when you buy a complex system like an IPS, look at what support the manufacturer offers. It is also useful to know how well and how promptly it dealt with attacks that have already happened in the past.

Protection against IPS bypass methods

The IPS itself is very difficult to attack because its inline interfaces have no IP address (the IPS is managed through a separate management port). However, there are evasion methods that allow an attacker to "deceive" an IPS and attack the networks it protects. These methods are described in detail in the open literature; for example, the NSS test lab actively uses evasion methods when testing IPS. It is difficult for IPS manufacturers to counter these methods, and how a manufacturer deals with evasion is another interesting characteristic of an attack prevention system.

Using an IPS in corporate networks is long overdue; new preventive technologies that protect organizations from new attacks have already been developed, so all that remains is to install and operate them correctly. This article deliberately did not mention the names of manufacturers, in order to make the review of IPS properties as unbiased as possible.

on the ESG Bureau company website and in the CAD and Graphics magazine. I. Fertman – Chairman of the Board of Directors of the ESG Bureau,
A. Tuchkov – technical director of the ESG Bureau, Ph.D.,
A. Ryndin – Deputy Commercial Director of the ESG Bureau.

In their articles, ESG Bureau employees have repeatedly covered the topic of information support at various stages of the product life cycle. Time makes its own adjustments, caused by the constant development of information technology and the need to modernize implemented solutions. On the other hand, there is now a clear trend towards the use of software tools that meet the requirements of the domestic regulatory framework and the production processes adopted in our country. It is these realities, as well as the accumulated experience in automating the activities of design enterprises, that prompted us to write this article.

The current state of automation of design activities, production and information support of subsequent stages of product lifecycle

The ESG Bureau company has extensive experience in implementing electronic archive systems, PDM, PLM and engineering data management systems in a variety of industries: shipbuilding (Baltic Shipyard OJSC - Rosoboronexport, Sevmash OJSC, Central Research Institute of Ship Engineering CJSC), mechanical engineering (JSC St. Petersburg "Red October"), industrial and civil construction (PF "Soyuzproektverf", JSC "Giprospetsgaz"), the nuclear industry (JSC "Atomproekt", JSC "Roszheldorproekt") and many other enterprises and organizations, a full list of which is beyond the goals and objectives of this article.

We emphasize that the implementations were carried out using various software systems: TDMS, Search, SmartPlant Foundation, Autodesk Vault and others, including our own development. The choice of a particular software environment is determined by the industry, the tasks at hand, and other factors. It is the extensive experience accumulated by the ESG Bureau in the listed areas that allows us to paint a general picture of the implementation of electronic archive systems, PDM and PLM document management systems at Russian enterprises.

Modern design, production, and the support of operation, modernization and disposal of products cannot be imagined without the use of various kinds of automated systems: CAD, CAM, PDM, technological preparation systems and PLM systems. The general picture is illustrated in Fig. 1.

Fig. 1. The big picture of automation

As a rule, all listed and unlisted automation tools are present only to some extent, more often at the initial stages of the life cycle of products - design activities and production. At subsequent stages of life cycle, the degree of information support for processes is sometimes extremely low. Let us give just a few examples typical of the most automated stages of life cycle, illustrating the real picture.

Statements about the "implementation of PDM or PLM technologies" in practice often turn out to mean only the implementation of an electronic archive and document management system for design and technological documentation (CD and TD), i.e. TDM, and nothing more. The causes:

  • "a play on words": an expensive PDM system is used to create the functionality of an electronic archive and document flow for CD and TD, which is often interpreted as "the introduction of PDM technology", although there is no such thing; there is only the implementation of an electronic archive and/or TDM using PDM software;
  • substitution of concepts: the name of a software tool contains the abbreviation "PDM" or "PLM", but by the nature of the tasks it solves the system is not such, and again, at best, it solves two problems, but more often only one of the two:
    • managing the work of designers at the level of documents and sometimes 3D models,
    • managing electronic archives of CD and TD.
Let's give an example: the experience of the ESG Bureau, which included work on creating a mock-up of an information model of a warship, showed that at the operational stage of the life cycle the most important thing, alas, is not the designer's and builder's information, but the operational documentation, the interactive electronic technical manuals (IETR). At the operational stage of the life cycle, logistics support is essential, allowing spare parts and accessories to be replenished in the shortest possible time. Very often, not a single system positioned by its manufacturer as PLM solves operational problems "by default", although, we do not deny, such a system may well be used with appropriate modifications, for example to solve logistics issues. Note that in terms of efficiency and the labor spent on modification, this approach is equivalent to using an accounting or ERP system to manage design activities, or a text editor to develop design drawings.

Trying to be objective in our assessments, we will not exaggerate further, but will just note:

  • modern automation of design activities, production, and support of subsequent stages of product lifecycle often includes only PDM and PLM elements;
  • often the implementation of PDM and PLM is nothing more than the creation of an electronic archive and document flow of CD and TD;
  • It is premature to talk about the full implementation of PLM technology for all stages of the product life cycle.

Reasons for switching to a new platform

Despite the conclusions of the previous section of the article, we note that very often in an enterprise where an electronic archive, design document flow, an automated system for technological preparation of production, and PDM/PLM elements have been implemented, work without the implemented tools is no longer possible. This is the main indicator of implementation. There was a case in our company’s work when, due to failures that occurred in the Customer’s LAN through no fault of ours, the electronic archive server of one machine-building enterprise became unavailable. The time from the first failure to the first call from the enterprise to our office to technical support specialists was less than a minute. At the same time, all the emotional statements had one thing in common - “without access to the database, the enterprise cannot operate.” In our opinion, this is the most significant practical indicator, surpassing all theoretical calculations.

The reasons for the transition to new technologies and platforms, as well as the expansion of implemented functionality, can be classified into several groups.

Development of technologies and design tools
One of the important factors in the transition to new technologies, software solutions and expansion of the implemented functionality of the design document management system, automated technological preparation system, PDM/PLM elements at the stages of design and production work is the emergence of three-dimensional design tools and the legislative framework that determines the work with electronic models.

As already mentioned, in most cases of “implementation of PDM and PLM” we are talking about TDM, electronic archive and document flow of CD and TD. Such solutions (regardless of the environment in which they were built) in practice, as a rule, work with two-dimensional CD and TD. Historically, at most enterprises where such implementations have been implemented, the principles and approaches of working with two-dimensional design and technological documentation with some “modernizations” for electronic two-dimensional documents have often been “migrated” to new systems. For example, according to GOST 2.501-2006, changes to electronic documents are made in a new version. GOST 2.503-90, which describes making changes “on paper”, allows you to make changes directly to the drawing (crossing out, erasing (washing), painting with white, introducing new data) or creating new documents, their sheets replacing the original ones, in essence - creating versions. The example illustrates that the “modernizations” are not so significant, and the procedure for working with a two-dimensional electronic document practically repeats the work “with paper”.

And the electronic archive and document management tools themselves, CD and TD, which were successfully implemented in their time, very often simply do not support approaches to working with a 3D model, and the previously implemented information system is, as a rule, outdated and does not contain modern integration mechanisms that allow effective revision.

Integration and optimization of production processes
The next factor is the integration and optimization of production processes. Very often our customers have a legitimate desire to automate the entire production chain as much as possible. For example, it is quite logical that when writing technical processes, it is useful for a technologist to have access to the results of the designer’s work. Undoubtedly, one would like to have some kind of unified integrated environment, and it does not matter at all whether such an environment is built within one system or several. The main thing is the end-to-end transfer of data between participants in production processes, and the use and maintenance of up-to-date information.

Creation of integrated geographically dispersed environments
Very often, previously implemented systems do not contain the necessary functionality, and their built-in extension mechanisms do not make it possible to achieve what is wanted: extending the functionality or organizing the necessary integration with other systems. Often design bureaus and production facilities are geographically separated. Sometimes existing tools do not meet modern ideas about effective automation. For example, exchange files (transport arrays) are used to exchange information between systems in shipbuilding, and often the only available means of organizing integration is COM technology. At the same time, modern systems make it possible to effectively organize geographically distributed databases, work with engineering data, and exchange it between remote design bureaus, and between design bureaus and production.

Economic reasons
The economic side of moving to new platforms is, of course, nothing new, but today it has two main components:
  • investments in a new platform should bring economic benefits;
  • customers express a desire to reduce investments and not depend on foreign manufacturers in a number of industries.

IPS system

For a number of reasons, we will not dwell on well-known Western automation tools. In this section we will try to list the solutions (electronic design archive systems, document management, PDM, PLM) that are actually adapted to domestic processes and to the current regulatory framework of the Russian Federation for design bureaus and production on the one hand, and that take into account the current state and availability of design automation systems, DBMS, network equipment and communications on the other. With this caveat, the choice, alas, is not great; perhaps someone will reasonably object (for which we are grateful in advance), but only three solutions are visible on the domestic market:
  • IPS system manufactured by Intermech;
  • LOTSMAN:PLM system produced by Askon;
  • T-FLEX system manufactured by Top Systems.
The purpose of the article is not a formalized comparison of these three systems based on the “presence or absence” of a particular function. Our experience shows that in most cases this approach is very subjective and incorrect. For this reason, today we will limit ourselves to describing only one of them, the IPS system.
General functionality
The system is a modular solution that automates design and production tasks: group work of designers, design document flow, implementation of an electronic archive system, technological preparation of production, and integration with other systems of the enterprise.

The general structure of the IPS system is shown in Fig. 2.

Fig. 2. General structure of IPS

Heterogeneity of the IPS environment
It is no secret that the vast majority of such tools are developed by CAD system manufacturers. At the same time, each manufacturer initially solved the marketing problem of attracting customers to work with a set of “its own” software products. This approach is characteristic of software solutions not only in the field of design and production automation and not only in our country; it expresses a global trend. Some time ago this approach began to change, and today, as a rule, any manufacturer of a PDM/PLM system will answer in the affirmative when asked whether its software works with CAD systems that are not native to it.

It is worth noting that the IPS system was not originally built around any “native” CAD system. The IPS concept can be characterized by the jargon word “omnivorous,” which most accurately describes its relationship to the design tools used in design bureaus. The implementation of IPS thus reflects the current trend of enterprises having multiple CAD systems. We note that sometimes such an “abundance of design tools” is only an “echo of the era of spontaneous automation”, and in other cases it is the result of an economically sound policy determined, in turn, by the complexity and range of the products being designed. IPS works equally well with the following CAD systems:

  • AutoCAD;
  • Autodesk Inventor;
  • BricsCAD;
  • Catia;
  • Pro/ENGINEER/PTC Creo Parametric;
  • Solid Edge;
  • SolidWorks;
  • KOMPAS-3D;
  • KOMPAS-Graphic.
In addition, it works with electronic circuit board design systems (ECAD): Mentor Graphics and Altium Designer.
Functionality customization options
The IPS platform allows functionality to be configured flexibly. Configuration can be done with built-in tools (without programming). To implement unique functionality, external programming environments can be used to write plug-in programs.

An important aspect of automating design and production activities and implementing electronic archives and PDM/PLM technologies in a modern enterprise is that one does not have to start “from scratch.” As a rule, storage of information in electronic form (an electronic archive) is already organized to one degree or another, and successful implementations of design document flow and of PDM and PLM elements are not uncommon. In more “advanced” cases, there is a single information space and intersystem interaction is already organized. On the one hand, implemented and successfully operated tools require modernization associated with the transition to new technologies (for example, when introducing three-dimensional CAD systems). On the other hand, previously accumulated databases and technical and organizational approaches should and can be applied when introducing new technologies. For example, a database of “two-dimensional” documentation for previously produced products does not lose its relevance at all when moving to 3D CAD systems (products are operated, modernized, or produced again, regardless of how they were designed: “on a plane” or “on paper”).

Organization of geographically distributed work
Let us add that the IPS system makes it possible to implement geographically dispersed solutions both within one stage of the product life cycle (for example, when one or several design bureaus design a product) and across different stages. In the latter case it is possible, for example, for a product to be designed by one or several design bureaus while technologists at one or several distributed production facilities have remote access to the designers’ work, and technological preparation of production is automated using the appropriate IPS modules. The mechanism for publishing documents and models allows an enterprise remote from the design bureau to add annotations and initiate changes while working in a single geographically distributed environment.

The general structure of the organization of distributed work of IPS is shown in Fig. 3.

Fig. 3. Organization of geographically distributed work of IPS

An example of a design bureau’s transition to IPS
Here is a real example of migrating from a previously implemented electronic archive and document flow system with PDM and PLM elements in one of the large design bureaus. The main reasons for the work:
  • transition of design departments to three-dimensional design;
  • lack of technical ability to support work with 3D-CAD systems in the existing electronic archive and document management system with PDM and PLM elements;
  • outdated architecture of the existing system and the impossibility of its further scaling;
  • requirements for geographically dispersed interaction of design bureaus with other design bureaus and production.
Work results:
  • the issues of migrating data from the existing system to IPS were worked out;
  • the issues of migrating processes from the existing system to IPS were worked out;
  • a software solution was developed: a subsystem for interface interaction between the existing system and IPS, ensuring integration between the systems and allowing a “smooth transition”;
  • the organizational component of the transition to the new system was formulated, taking into account the optimization of time and resource costs.
The first stage - the development of technology and software and hardware solutions - was carried out on a previously designed, “pilot” product.

Currently, according to the work schedule, our company’s specialists are performing the next stage of work based on the results obtained so far: supporting the design of two real products using 3D CAD systems and IPS.

Conclusion

  • Often the stages of automation of design bureaus and enterprises that are positioned as real implementations of PDM/PLM technologies are in fact the creation of electronic archives, CD and TD document management systems and TDM (usually for two-dimensional documents). In most cases, one can only speak of the actual implementation of PDM and PLM elements;
  • with the transition to three-dimensional design, previously implemented electronic archive and CD/TD document management systems and the introduced PDM and PLM elements do not always meet the new requirements;
  • migrating CD and TD electronic archive and document management systems and PDM and PLM elements to new platforms is not an easy but a completely solvable task; it requires the systematic approach developed by the ESG Bureau, which is only partially covered in this article.

Intrusion detection systems (IDS) are software or hardware tools for detecting attacks and malicious activity. They help networks and computer systems respond properly. To achieve this, an IDS collects information from numerous system or network sources and then analyzes it for signs of attack. This article will attempt to answer the question: “IDS: what is it and what is it for?”

What are intrusion detection systems (IDS) for?

Information systems and networks are constantly subject to cyber attacks. Firewalls and antiviruses are clearly not enough to repel all of them, since they only protect the “front door” of computer systems and networks. Various teenagers who imagine themselves to be hackers constantly scour the Internet for cracks in security systems.

Thanks to the World Wide Web, they have plenty of free malicious software at their disposal: all kinds of slammers, blinders and similar harmful programs. Competing companies hire professional hackers to neutralize each other. Intrusion detection systems are therefore an urgent need, and it is no surprise that they are used more widely every day.

IDS elements

IDS elements include:

  • a sensor subsystem that collects events from the network or computer system;
  • an analysis subsystem that detects cyber attacks and questionable activity;
  • a store for event information and for the results of the analysis of cyber attacks and unauthorized actions;
  • a management console with which the IDS parameters can be set, the state of the network (or computer system) monitored, and the attacks and illegal actions detected by the analysis subsystem reviewed.

By the way, many may ask: “How is IDS translated?” The translation from English sounds like “a system that catches uninvited guests in the act.”

The main tasks that intrusion detection systems solve

An intrusion detection system has two main tasks: analysis, and an adequate response based on the results of that analysis. To perform these tasks, an IDS does the following:

  • monitors and analyzes user activity;
  • audits the system configuration and its weaknesses;
  • checks the integrity of critical system files, as well as data files;
  • conducts a statistical analysis of system states based on comparison with those states that occurred during already known attacks;
  • audits the operating system.

What an intrusion detection system can provide and what it cannot

With its help you can:

  • improve integrity parameters;
  • track a user’s activity from the moment of login until the moment damage is done or any unauthorized action is performed;
  • recognize and report changes to or deletion of data;
  • automate the monitoring of the Internet for the latest attacks;
  • identify errors in the system configuration;
  • detect the beginning of an attack and report it.

What an IDS cannot do:

  • compensate for deficiencies in network protocols;
  • compensate for weak identification and authentication mechanisms in the networks or computer systems that it monitors;
  • always cope with problems associated with packet-level attacks.

IPS (intrusion prevention system) - continuation of IDS

IPS stands for Intrusion Prevention System. These are more advanced, more functional varieties of IDS. Unlike conventional IDS, IPS are reactive: they can not only detect, record and report an attack, but also perform protective functions, such as resetting connections and blocking incoming traffic packets. Another distinguishing feature of IPS is that they operate in real time and can block attacks automatically.

Subtypes of IDS by monitoring method

NIDS (network-based IDS, which monitor an entire network) analyze the traffic of a whole subnet and are managed centrally. With the correct placement of several NIDS, a fairly large network can be monitored.

They operate in promiscuous mode (that is, they inspect all incoming packets rather than a selection of them), comparing subnet traffic against the known attacks in their library. When an attack or unauthorized activity is detected, an alert is sent to the administrator. It should be mentioned, however, that in a large network with a lot of traffic a NIDS sometimes fails to inspect every packet, so at peak traffic there is a chance that it will not recognize an attack.

NIDS are easy to integrate into new network topologies, since, being passive, they have no particular impact on the network’s operation. They only capture, record and alert, unlike the reactive IPS discussed above. It must also be said, however, that network-based IDS cannot analyze encrypted traffic. This is a significant disadvantage because, with the increasing adoption of virtual private networks (VPNs), cybercriminals increasingly carry out their attacks inside encrypted traffic.

NIDS also cannot determine the outcome of an attack, that is, whether or not it caused harm. All they can do is record its beginning. The administrator is therefore forced to double-check each attack case independently to find out whether the attackers achieved their goal. Another significant problem is that NIDS have difficulty detecting attacks that use fragmented packets. Such attacks are especially dangerous because they can interfere with the normal operation of the NIDS itself. What this might mean for an entire network or computer system needs no explanation.

HIDS (host intrusion detection system)

HIDS (host-monitoring IDS) serve a single computer, which naturally provides much higher efficiency. HIDS analyze two types of information: system logs and operating system audit results. They take a snapshot of system files and compare it with an earlier snapshot. If files critical to the system have been changed or deleted, an alarm is sent to the administrator.
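The snapshot comparison just described, written out as an added example (not code from the original article or from any HIDS product): a baseline of SHA-256 digests is recorded, and a later snapshot is diffed against it to report modified, deleted and added files. The directory contents and the tampering are constructed in a temporary directory so the example runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """Return the hex SHA-256 digest of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_snapshot(root):
    """Map every regular file under root (path relative to root) to its digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_snapshots(baseline, current):
    """Report what changed since the baseline: modified, deleted and added files."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: baseline a small fake 'etc' directory, then change it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "motd").write_text("Welcome\n")
        baseline = take_snapshot(root)  # the "earlier snapshot" the HIDS keeps

        # Changes made after the baseline was recorded (simulated, constructed data).
        (root / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nguest:x:1001:1001::/home/guest:/bin/sh\n"
        )
        (root / "motd").unlink()
        (root / "unexpected.conf").write_text("setting=1\n")

        return compare_snapshots(baseline, take_snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")  # any non-empty list is what would raise the alarm
```

In a real deployment the baseline would be stored off-host or signed, since the text below notes that the HIDS itself sits on the machine under attack.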

A significant advantage of HIDS is their ability to do their work even when network traffic is encrypted. This is possible because host-based information sources can be read before the data is encrypted, or after it is decrypted on the destination host.

The disadvantages of this type of system include the possibility of blocking or even disabling it with certain kinds of DoS attacks. The problem is that the sensors and part of the HIDS analysis run on the very host that is being attacked, so they are under attack too. The fact that HIDS consume resources of the hosts they monitor is also hard to call a plus, since it naturally reduces those hosts’ performance.

IDS subtypes based on attack detection methods

IDS attack detection methods fall into three subtypes: the signature analysis method, the anomaly method and the policy method.

Signature Analysis Method

In this case, data packets are checked for attack signatures. An attack signature is an event that matches one of the patterns describing a known attack. This method is quite effective because it produces few false attack reports.

Anomaly method

It helps detect illegal activity on the network and on hosts. Based on the history of normal operation of the host and network, profiles describing this “norm” are created. Detectors then analyze the events, using various algorithms to compare them with the norm recorded in the profiles. Not having to accumulate a huge number of attack signatures is a definite advantage of this method; however, a considerable number of false alarms during atypical but completely legitimate events on the network is its undoubted disadvantage.

Policy method

Another method for detecting attacks is the policy method. Its essence is to create network security rules which, for example, may specify how networks are allowed to interact and which protocols may be used. This method is promising, but the difficulty lies in the rather complicated process of building the policy base.
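The three detection methods described above (signature, anomaly and policy), as one added example that is not code from the original article or from any IDS product: the same constructed event list is run through each detector. The sample events, the `' OR '1'='1` signature, the per-host connections-per-minute profile and the single allowed-ports policy rule are all assumptions chosen for illustration; the legitimate burst of image downloads in minute 4 is there to show the anomaly method's false-alarm weakness the text mentions.

```python
import re
import statistics
from collections import Counter

# Constructed sample events (not from any real capture). Each tuple is
# (minute, source_ip, dest_port, protocol, payload) as a sensor might record it.
BASELINE = [  # a period of known-normal operation, used only to learn the profile
    (0, "10.0.0.5", 80, "tcp", "GET /"), (0, "10.0.0.5", 80, "tcp", "GET /news"),
    (0, "10.0.0.7", 443, "tcp", ""),
    (1, "10.0.0.5", 80, "tcp", "GET /"), (1, "10.0.0.5", 80, "tcp", "GET /about"),
    (1, "10.0.0.7", 443, "tcp", ""),
    (2, "10.0.0.5", 80, "tcp", "GET /"), (2, "10.0.0.5", 80, "tcp", "GET /a"),
    (2, "10.0.0.5", 80, "tcp", "GET /b"),
    (2, "10.0.0.7", 443, "tcp", ""), (2, "10.0.0.7", 443, "tcp", ""),
]
EVENTS = (  # the monitored period
    [
        (0, "10.0.0.5", 80, "tcp", "GET /"), (0, "10.0.0.5", 80, "tcp", "GET /news"),
        (1, "10.0.0.7", 443, "tcp", ""),
        (2, "10.0.0.9", 80, "tcp", "GET /login.php?user=admin' OR '1'='1"),
    ]
    + [(3, "10.0.0.9", port, "tcp", "") for port in (21, 22, 23, 25, 110, 139)]
    + [(4, "10.0.0.5", 80, "tcp", f"GET /img/{i}.png") for i in range(5)]  # legitimate burst
)

# Signature method: patterns describing known attacks (constructed, illustrative).
SIGNATURES = [
    ("sql-injection", re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1")),
    ("path-traversal", re.compile(r"\.\./")),
]


def signature_alerts(events, signatures=SIGNATURES):
    """Report each event whose payload matches a known attack pattern."""
    return [(minute, src, name)
            for minute, src, _port, _proto, payload in events
            for name, pattern in signatures
            if pattern.search(payload)]


def build_profile(baseline_events):
    """Anomaly method, step 1: learn how many connections a host normally makes per minute."""
    counts = list(Counter((src, minute) for minute, src, *_ in baseline_events).values())
    return statistics.mean(counts), statistics.pstdev(counts)


def anomaly_alerts(events, profile, k=3.0):
    """Anomaly method, step 2: flag (host, minute, count) far above the learned norm."""
    mean, stdev = profile
    threshold = mean + k * max(stdev, 1.0)  # floor the spread so a flat baseline keeps a margin
    counts = Counter((src, minute) for minute, src, *_ in events)
    return sorted((src, minute, n) for (src, minute), n in counts.items() if n > threshold)


# Policy method: a rule base. Here a single rule: only these destination ports are permitted.
ALLOWED_PORTS = {80, 443}


def policy_alerts(events, allowed_ports=ALLOWED_PORTS):
    """Report every (host, port) pair that violates the rule base."""
    return sorted({(src, port) for _m, src, port, _proto, _payload in events
                   if port not in allowed_ports})


if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("anomaly:  ", anomaly_alerts(EVENTS, build_profile(BASELINE)))
    print("policy:   ", policy_alerts(EVENTS))
```

Note that only the anomaly detector flags host 10.0.0.5 in minute 4, a normal user fetching five images, while the signature and policy detectors each catch only what their rules were written for.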

ID Systems will provide reliable protection for your networks and computer systems

The ID Systems group of companies is today one of the market leaders in the creation of security systems for computer networks. It will provide you with reliable protection from cyber villains. With ID Systems protection, you won’t have to worry about your important data, and you will be able to enjoy life more because you will have fewer worries on your mind.

ID Systems - employee reviews

A wonderful team and, most importantly of course, the right attitude of the company’s management towards its employees. Everyone (even fledgling beginners) has the opportunity to grow professionally. True, for this you naturally need to prove yourself, and then everything will work out.

There is a healthy atmosphere in the team. Beginners are always taught and shown everything. There is no sense of any unhealthy competition. Employees who have been with the company for many years are happy to share all the technical details. They answer even the most stupid questions from inexperienced workers kindly, without a shadow of condescension. In general, working at ID Systems brings nothing but pleasant emotions.

The attitude of the management is pleasing. It’s also gratifying that they obviously know how to work with personnel here, because the team they have assembled is truly highly professional. The employees’ opinion is almost unanimous: they feel at home at work.