Conference System of NULES of Ukraine, GLOBAL AND REGIONAL PROBLEMS OF INFORMATIZATION IN SOCIETY AND NATURE USING 2021

MODULAR SYSTEM FOR DETECTION AND NOTIFICATION OF WEBSITE NETWORK THREATS
Roman Lipatov, Sahun Andrii

Last modified: 03-05-2021

Abstract


To protect information systems and minimize the impact of threats, it is proposed to use a threat detection system (IDS) built from utilities and a component of the server version of the Linux operating system. The enterprise information system under study is modeled as a test stand, in the form of a topology model of the objects and subjects of the modular system for detection and notification of network threats. The system includes a Postfix alert module and uses custom detection signatures created for the psad module. Its effectiveness is evaluated by simulating ping-flood attacks. The proposed technology for the modular system significantly improves the ability to detect network threats to the website. The resulting modular system of detection and notification (SDN) is a low-budget solution that runs on Linux-type operating systems (which are mainly deployed on various types of business servers). The signatures are configured to provide extended notification, identification of the attacker, and recording of cyber evidence of interference with the operation of the website.

Keywords


modular system; threat identification; signature identification; cyber evidence.
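The abstract does not reproduce the psad signatures or the alert configuration, so the following is an added illustration and not the authors' system: a rate check for ICMP echo requests over netfilter-style log lines, plus an alert message that a local MTA such as Postfix could deliver. The log layout, threshold, window, addresses and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from email.message import EmailMessage

# Netfilter LOG line carrying an ICMP echo request (TYPE=8), ISO 8601 timestamp first.
ECHO_RE = re.compile(r"^(?P<ts>\S+) .*\bSRC=(?P<src>\S+) .*\bPROTO=ICMP TYPE=8\b")

def sample_log():
    """Constructed log lines using documentation address ranges, not captured traffic."""
    base = datetime(2021, 5, 3, 10, 0, 0)
    icmp = ("{ts} web kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.10 LEN=84 TTL=54 "
            "PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ={seq}")
    lines = [icmp.format(ts=(base + timedelta(milliseconds=100 * i)).isoformat(),
                         src="203.0.113.7", seq=i) for i in range(8)]   # burst
    lines += [icmp.format(ts=(base + timedelta(seconds=5 * i)).isoformat(),
                          src="198.51.100.4", seq=i) for i in range(2)]  # normal ping
    lines.append(f"{base.isoformat()} web kernel: IN=eth0 OUT= SRC=198.51.100.4 "
                 "DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=80 SYN")
    return lines

def detect_ping_flood(lines, threshold=5, window=timedelta(seconds=1)):
    """Return {src: (first_seen, peak)} for sources sending more than
    `threshold` echo requests within any sliding `window`."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    offenders = {}
    for line in lines:
        m = ECHO_RE.match(line)
        if not m:
            continue              # not an ICMP echo request: ignore
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > threshold:
            first, peak = offenders.get(m["src"], (q[0], 0))
            offenders[m["src"]] = (first, max(peak, len(q)))
    return offenders

def build_alert(src, first_seen, peak, rcpt="admin@example.org"):
    """Compose the notification; sender and recipient are placeholder addresses."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "ids@example.org", rcpt
    msg["Subject"] = f"[IDS] ICMP flood suspected from {src}"
    msg.set_content(f"Source: {src}\nFirst seen: {first_seen.isoformat()}\n"
                    f"Peak echo requests in window: {peak}\n")
    return msg

if __name__ == "__main__":
    for src, (first, peak) in detect_ping_flood(sample_log()).items():
        print(build_alert(src, first, peak))
```

The source address, first-seen time and peak rate kept in the message are the kind of record the abstract refers to as cyber evidence.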