Snort mailing list archives

Active Response System (ARS)


From: Ron Jenkins <rjenkins () rmjconsulting net>
Date: Mon, 27 Jun 2011 18:35:39 +0000

Hello all

I wanted to introduce a new product that may be of interest to some in the area of Intrusion Detection and Intrusion 
Prevention; http://www.rmjars.com.

Below is a small description.


Active Response System (ARS) has been designed for the purpose of perimeter protection in defense of stopping outside 
attacks, probing, scans and general unwanted traffic. It has been designed to work directly with Cisco's Adaptive 
Security Appliance (ASA) firewalls, but can be modified to adapt to Cisco routers, switches and possibly other 3rd 
party vendors.

IP addresses / subnets are submitted via the console interface to be queued in the database or can be passed directly 
to the ARS agent by outside means of a 3rd party product; such as with Aanval's snort & Syslog Intrusion Detection, 
Correlation and Threat Management product; http://www.aanval.com.

Once the background processor detects an IP address / subnet in the queue, it is checked against the database to see if 
it has already been blocked or if it is listed in the IP Block Prevention Filter. If it is not in the database or the 
IP Block Prevention Filter, it checks to verify that the firewall is responding and then makes an SSH connection to the 
firewall to post the IP address / subnet.

This product has proven to be a valuable addition to companies that have a security posture on their network in defense 
of the network perimeter. When used in conjunction with an Intrusion Detection solution, it has been found to be an 
extremely powerful addition.


Thank you


Ron Jenkins (SnortCP, VCP (3/4), MCNE, CNE6, MCP,CCNA)
RMJ Consulting, LLC. "Bringing Companies and Solutions Together"
Makers of Active Response System(ARS) 'A Security Perimeter Defense System'
Owner / Senior Architect
Physical Address
11715 Bricksome Ave STE B-7
Baton Rouge, LA 70816
Mail Address
7575 Jefferson Hwy #103
Baton Rouge, LA 70806
Office. 225-448-5214
Fax. 225-448-5324
Cell. 225-931-1632
Email. rjenkins () rmjconsulting net
Web. http://www.rmjconsulting.net
ARS Web. http://www.rmjars.com
Linkedin.  http://www.linkedin.com/in/ronmjenkins
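
The queue check described in the message above (already blocked, or listed in the IP Block Prevention Filter), sketched as an added example; it is not part of the original post and is not ARS code. Function names and addresses are constructed, and treating any overlap with a protected entry as a refusal is an assumption about how such a filter should handle subnets.

```python
import ipaddress

def decide(entry, blocked, protected):
    """Return (action, detail) for one queued IP address / subnet."""
    try:
        # Accept "198.51.100.23" as well as "192.0.2.7/24" (host bits masked off).
        net = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return ("reject", "not a valid IP address or subnet")
    # Already blocked: the candidate lies inside an existing block entry.
    for b in blocked:
        if net.version == b.version and net.subnet_of(b):
            return ("skip", f"already covered by block {b}")
    # Prevention filter: refuse anything that touches a protected range,
    # including a wide subnet that merely contains one protected host.
    for p in protected:
        if net.version == p.version and net.overlaps(p):
            return ("skip", f"overlaps prevention filter entry {p}")
    return ("block", str(net))

def process_queue(queue, blocked, protected):
    """Run every queued entry through decide(); record new blocks as they occur."""
    results = []
    for entry in queue:
        action, detail = decide(entry, blocked, protected)
        if action == "block":
            # The firewall reachability check and SSH push would happen here.
            blocked.append(ipaddress.ip_network(detail))
        results.append((entry, action, detail))
    return results

# Constructed sample data (documentation address ranges only).
BLOCKED = [ipaddress.ip_network("203.0.113.0/24")]
PROTECTED = [ipaddress.ip_network("192.0.2.10/32")]  # e.g. a management host
QUEUE = ["203.0.113.7", "192.0.2.0/24", "198.51.100.23",
         "198.51.100.23", "bogus", "2001:db8::5"]

if __name__ == "__main__":
    for row in process_queue(QUEUE, list(BLOCKED), PROTECTED):
        print(row)
```

The second entry shows why the filter has to compare networks rather than strings: a submitted /24 that contains a single protected host is refused even though the two values do not match textually.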
