AwareOS is an intrusion detection system (IDS/IPS) that protects your server from network attacks. It does so by analyzing application logs and network traffic in real-time. In contrast to the traditional firewall where rules are statically defined, awareOS dynamically controls them when it detects malicious behavior

Intrusion Detection

As the threats become more advanced, so have to be the defensive measures on a server. The awareOS product employs both traffic and logs analysis in detecting imminent or ongoing attacks. Whether it is a Slowloris DoS attack designed to exhaust server resources, or brute forcing attempts on the SSH server, this software will provide a wide array of preventive measures against different threat signatures. Your system will be protected 24/7, no human intervention required.

Active Defense

This product stops attacks at the IP layer using the Linux kernel packet filtering facility with dynamically generated rules/tables. In the past, firewall policies were defined once and rarely modified. This approach worked well in in simple web server environments. However, as the organization needs evolve and application become more complex, attack surface of these servers increased. Therefore, we recommend businesses to invest in intrusion detection systems with an active defense mechanism.

Web Application Firewall

Web applications are often the prime target of attacks. Frequently, it is because of an older version of the software where a known vulnerability can be exploited. Therefore, the best form of defense is to keep software up-to-date. In awareOS, we use Varnish, an open source caching HTTP reverse proxy. Not only does it help speed up sites, but also it helps secure web server against DoS and other forms of attacks. Varnish comes with a unique configuration language, VCL. We provide a custom policy that can be used with any application server, such as Apache, NGINX, Tomcat, etc. With the default policy you can, for instance, throttle requests, modify content served by the web server, redirect mobile clients to a different part of the server, etc.

Reports and Alerts

The software can be configured to send alerts when specific events happen. For some services like remote access, it may be important to restrict it after business hours. System alerts are one way to notify a designated person when someone logs in to the server at midnight. Or, when suspicious high volume, unusual DNS names, interesting content transmission, e.g. CC, SSN, traffic is detected. Examples can be numerous. This capability will enable you to receive messages when an network event you subscribe to happens. In addition, a designated business manager, can receive periodic reports on network statistics, security checks performed, highlighting important events.

Attack signatures are elaborate patterns for the system to recognize threats. These work in tandem with firewall policy rules. In awareOS, layers of complexity are hidden from the end user. We do all the heavy-lifting to incorporate proprietary and open source community knowledge into a practical security model in this product, so you will not deal with these layers of complexity.

In addition to what's available in Bro and Suricata, we also periodically analyze session traffic to detect unusual traffic patterns, e.g. too many connections to a site in eastern Europe, or too many DNS lookups. This offline analysis is done in a manner that impacts the system performance the least.

AwareOS is based on popular open-source software such as Bro, Suricata, and Varnish. Suricata is based on rule definitions whereas Bro is more behavior oriented. Each complements the other giving us an advantage in an IPS environment. And luckily for the end user, the rules and signatures are already defined. These individual packages are tightly integrated and configured through a typical command line interface. It is pulled in from Awarent package repository and kept up-to-date using standard Linux tools. Purpose of each package is tailored to a specific use case in our system. Suricata and Bro complement each other for intrusion detection purposes, whereas Varnish is utilized as a web cache with application firewall (WAF) extensions.