Contract # GS00T01AHD0002
Proposal to Add Federal Telecommunications Service Long Distance (FTS LD)
Network Based Passive IDS alerts the Security Monitoring Team in the event that a
hacker attack begins, so that appropriate steps can be taken before the malicious
attacker can gain access to the system. The most important attacks that can be
detected and blocked by the passive IDS are denial of service attacks (not brute force
attacks). These attacks lower customer opinion and loyalty, and, particularly on a
mission critical system, they must be blocked before they can successfully interrupt
proper system operation. The passive IDS actively blocks network access from
anyone who launches a denial of service attack against a protected network by
modifying the active rule base on the network's firewall. IDS logs are available, per
request, at no additional fee.
6.7.6.1.5 Host Based Intrusion Detection Services (Active IDS)
Host Based Intrusion Detection Services (Active IDS) is a server specific security
feature. Active IDS is available for all clients and does not require subscription to the
Managed Firewall option.
An intrusion detection software agent (a program that gathers information or
performs a service without the Government's immediate presence) is installed on
each server that is protected, and connects to the management console that provides
configuration and monitoring of the intrusion detection agent. Any event that occurs
on the agent that triggers an alert (whether it be an invalid user login or an
unauthorized change to a production web site) will be immediately noticed.
Appropriate steps will be taken to alert the Government of the potential intrusion.
The Active IDS component includes a web site anti-graffiti function. The Government
will need to provide a list of authorized web site administrators. Whenever a user who
is not on the authorized list makes a change to a web site file, two actions will take
place: the Security Monitoring Team will be alerted to the problem, and the agent
Use or disclosure of data contained on this sheet is subject to the restriction on the title page of this proposal.