Font Size: 

In information systems to protect and minimize the impact of threats, it is proposed to use a threat detection system (IDS) based on utilities and a component of the server version of the Linux operating system. The research information system of the enterprise is modeled as a stand for research in the form of a model of topology of objects and subjects of the modular system of detection and notification of network threats. The created system contains the POSTFIX alert module and uses the created custom detection signatures for the psad module. By simulating threats, the system is investigated for effectiveness by simulating an attack using ping-flood traffic. The proposed technology for the modular system significantly improves the ability to detect network threats to the web-site. From the review and analysis of web-sites and technologies of web-site security carried out in this work it is established that the optimal place of implementation of the created system is the border of the perimeter of the local network or its segment to protect internal web-sites from external attacks. The resulting system has functionality similar to Cisco ASA series firewalls, but with more flexible configuration of the information system, the ability to connect and create your own signatures to respond to network threats. But the created system prevails over the considered prototype because of possibility of adaptation to detection of new network threats which is present in the developed system (thanks to the applied technology). It is more flexible due to the capabilities available in its component modules to automatically download new anti-virus signatures (possibly using the Linux cron daemon).

модульна система; визначення загроз; сигнатурна ідентифікація, кібердокази.