
Threat & Service Monitoring


As part of our Security Shield, we deliver a Threat Monitoring Service to ensure that Bunker-managed systems remain secure and available 24 hours a day, seven days a week, free from incidents and protected from misconduct.  This Threat Monitoring Service is maintained and informed via the use of industry-leading intrusion detection systems, health monitoring systems and live data feeds from internet threat monitoring centres and services.  It ensures total continuity for all of The Bunker’s resources and an early warning system for impending threats and attacks.

At the system and/or application level, The Bunker’s Service Monitoring system works by taking a data sample from each managed hosted system, and technical staff are notified immediately if a service does not respond to the monitor. Notification is done through graphical web-based displays with audible alarms, email and SMS. The system is also used to notify on the activation of services that have not been requested by the client.

Our threat and service monitoring solution is delivered via the world’s leading open source security applications, including:

Nagios - Security Event Monitoring

The Bunker uses Nagios to report security events via web, WAP, SMS and email. As well as monitoring servers and services, The Bunker has adapted Nagios to monitor the environment within The Bunker. This enables its security management team to gather information on the condition of other network equipment, such as switches, routers and load balancers, as well as on temperature, humidity and light levels.

Cacti - Bandwidth Monitoring

The Bunker’s bandwidth monitoring is provided by Cacti, which is used to analyse and display data in the form of graphs and reports. Bandwidth graphs are updated every minute and are monitored by The Bunker’s security management team.  These graphs give an immediate indication of any load problems or failures with any of our upstream service providers. This enables The Bunker to re-route traffic via our BGP gateway so that clients do not experience any failure or latency.

Snort - Traffic Analysis

The Bunker uses Snort, an open source network intrusion detection system, to provide real-time traffic analysis and packet logging on IP networks. Snort can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort also has a real-time alerting capability, incorporating alerting mechanisms for syslog, a user-specified file, a UNIX socket or WinPopup messages to Windows clients using Samba's smbclient.

BASE (Basic Analysis and Security Engine)

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. The Bunker uses BASE as the front end for its Snort IDS.