Guard Dog Security Server

The “Guard Dog Security Server” is a customized standalone server dedicated to analyzing all your network traffic and actively responding to security threats. Guard Dog shuts threats down quickly by sending firewall commands to a Tomato / DD-WRT router, which immediately cuts off the threat.

The server itself is based on Security Onion, a well-known open source Network Security Monitoring (NSM) program that runs on a customized Linux operating system. We customized Security Onion by adding some of our own programming that draws the latest threat information from various sources and effectively creates an Active Intrusion Protection System.

Good network security has several layers of protection. The first level of protection is at the firewall. The firewall, such as in our Tomato Routers, filters out a lot of unwanted traffic. We developed an America Only Internet feature that will filter out all but American (or whatever list of countries you choose) Internet IP addresses. A well set up firewall is a good first layer of network security. The firewall basically determines with whom your network is willing to communicate.

The Guard Dog Server adds another layer of protection to your overall network security. A copy of all the traffic passing through your router is sent to Security Onion. Security Onion analyzes that traffic to ultimately decide whether there is a threat or not. If a threat is detected, Security Onion will generate an alert which, using some of our own custom programming, results in a rule being sent to the firewall on the Tomato Router. The rule which is generated by the alert basically says “Drop all traffic for the offending IP address and deny further communication.” The rule effectively shuts down hackers trying to break into your network before they can do any damage.
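The alert-to-firewall-rule step described above, sketched as an added example (this is not Guard Dog's own code). It assumes alerts arrive in the Snort/Suricata "fast" log format and that the router accepts `iptables` commands; the `LAN` range, the `NEVER_BLOCK` allowlist and the sample alert lines are constructed for illustration.

```python
import ipaddress
import re

# Snort/Suricata "fast" alert tail: [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[Priority: (?P<prio>\d+)\] \{\w+\} "
    r"(?P<src>\d+(?:\.\d+){3})(?::\d+)? -> (?P<dst>\d+(?:\.\d+){3})(?::\d+)?"
)
# Assumed site values (hypothetical): protected LAN, and addresses never to block.
LAN = ipaddress.ip_network("192.168.1.0/24")
NEVER_BLOCK = {ipaddress.ip_address("198.51.100.53")}  # e.g. upstream DNS resolver

def offending_ip(line, max_priority=2):
    """Return the external endpoint of an alert, or None if no block is warranted."""
    m = ALERT_RE.search(line)
    if not m or int(m["prio"]) > max_priority:  # priority 1 is the most severe
        return None
    ends = [ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])]
    # Inbound attack: external source. Outbound malware call-out: external destination.
    external = [ip for ip in ends if ip not in LAN]
    if len(external) != 1:
        return None  # LAN-to-LAN or transit traffic: leave for an analyst
    ip = external[0]
    return None if ip in NEVER_BLOCK or ip.is_multicast else ip

def block_rules(lines):
    """One pair of DROP rules per offending address, in first-seen order."""
    seen, rules = set(), []
    for line in lines:
        ip = offending_ip(line)
        if ip is None or ip in seen:
            continue
        seen.add(ip)
        rules += [f"iptables -I FORWARD -s {ip} -j DROP",
                  f"iptables -I FORWARD -d {ip} -j DROP"]
    return rules

_HDR = "03/14-10:02:11.120000  [**] [1:1000001:1] constructed sample [**] "
SAMPLE_ALERTS = [  # constructed alert lines, not captured traffic
    _HDR + "[Priority: 2] {TCP} 203.0.113.7:40112 -> 192.168.1.20:22",
    _HDR + "[Priority: 1] {TCP} 192.168.1.34:49822 -> 203.0.113.99:443",
    _HDR + "[Priority: 2] {TCP} 203.0.113.7:40113 -> 192.168.1.20:23",  # repeat
    _HDR + "[Priority: 1] {UDP} 192.168.1.34:5353 -> 198.51.100.53:53",  # allowlisted
    _HDR + "[Priority: 3] {ICMP} 203.0.113.200 -> 192.168.1.20",  # below threshold
    _HDR + "[Priority: 1] {TCP} 192.168.1.34:445 -> 192.168.1.20:445",  # LAN-to-LAN
]

if __name__ == "__main__":
    print("\n".join(block_rules(SAMPLE_ALERTS)))
```

The allowlist and the single-external-endpoint check keep an automated block from cutting off the network's own resolver or its internal hosts.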

Guard Dog monitors both incoming and outgoing traffic. If, for example, one of the computers on your network is infected with a malware program, Guard Dog will detect that it is trying to open suspicious connections to outside servers. These suspicious connections may be to receive further instructions or downloads. Like a real life guard dog, Guard Dog is always looking for an intruder to chew on!

Security Onion consists of an integrated set of Open Source programs that, when used by someone with the right forensic skills, can answer a lot of questions about what an infected computer is trying to do, what information it is trying to steal, and who it is trying to send it to. Security Onion keeps a history of all your router traffic for a week or two. This stored traffic can recreate suspicious activity for analysis. Security Onion is great at detecting and analyzing threats and the damage they do. Our approach is to shut down threats before any damage can be done.

Once set up, Guard Dog Server can be maintained and monitored remotely by our staff. Our servers send Guard Dog daily updates so it will know about the latest security threats.

The Guard Dog Server runs on the combination of a server and a Tomato Router. The cost is around $3000 for a small office with a dozen or so users. For medium-sized offices or heavy Internet traffic, we have a more powerful server at a cost of $5,000, which includes installation.