Frequently Asked Questions

What is Ozone?
What is the connection with the Earth’s Ozone layer?
But I thought the Earth’s Ozone Layer had a hole?

How does Ozone work?
Why do I need Ozone?
What are Ozone's key benefits and features?
Does Ozone notably slow down my system?

Does Ozone rely on signatures?
Which operating systems does Ozone support?

Does Ozone protect against buffer overflows?
How can Ozone stop unknown attacks?
Does Ozone support role-based user management?
Can Ozone notify me when a certain event takes place?
Which applications does Ozone protect?
Does Ozone also protect the operating system?

I use an anti-virus. Is that not enough?
I use an Intrusion Detection System (IDS). Is that not enough?
I use a firewall. Is that not enough?
I use a vulnerability scanner. Is that not enough?
What is the difference between Network Intrusion Prevention Systems (NIPS) and Host Intrusion Prevention Systems (HIPS)?

Can I download Ozone?


What is Ozone?

Ozone is a Host Intrusion Prevention System that protects Windows server and client machines from malicious attacks and computer worms such as Blaster, MyDoom and Witty. Ozone’s technology provides unprecedented levels of security, whilst significantly reducing administration costs and overheads associated with constant patching and signature updating.



What is the connection with the Earth’s Ozone layer?

Just as the Earth’s ozone layer protects living organisms from harmful ultraviolet radiation, Security Architects’ product, Ozone, protects your systems and networks from harmful computer attacks. Once installed, Ozone acts as an invisible layer of protection that you cannot see, but without which your network and computer systems remain vulnerable.



But I thought the Earth’s Ozone Layer had a hole?

It does...

However, our product does not include one!



How does Ozone work?

Ozone is built around process-based mandatory access control technology.

Ozone works by using multiple security rings that closely integrate with each other. Each ring is designed to address a specific class of attack vector, ranging from low-level attacks, such as buffer overflows, to higher-level attacks such as SQL injection. Combined, Ozone's rings provide a high level of security while significantly reducing the administration costs and overheads associated with constant patching and signature updating.



Why do I need Ozone?

Because instead of playing catch-up with the latest threats, Ozone puts you back in control of your networks and systems.

Ozone is designed to protect against both known and unknown attacks as well as protecting data against unauthorized removal (using networks, USB drives, etc).

Because Ozone does not rely on signatures, it provides a stronger security guarantee while lowering the cost of ownership.



What are Ozone's key benefits and features?

  • Protects against both known and unknown attacks.

  • Protects against application specific attacks.

  • Protects the operating system.

  • Protects vulnerable systems before patches become available.

  • Protects data against unauthorized removal (using networks, USB drives, etc).

  • Provides detailed audit trail of all user and program actions.

  • Available for both client and server machines.

  • Requires no signature updates.

  • Low false positive rates.

  • Reduces administrative costs.

  • Easy to manage.



Does Ozone notably slow down my system?

No.

Ozone controls access to computer system resources (e.g. files, network connections) at the point where access is requested. Once a user or an application has been granted access to a specific resource, such as an open file or an established connection, Ozone does not mediate the subsequent read and write operations on it, so the per-operation cost is limited to the initial access check.

In addition, because Ozone agents only communicate with the management console when a security event occurs, Ozone does not add significant network bandwidth overhead.



Does Ozone rely on signatures?

Unlike existing security technologies, Ozone does not rely on constantly updating signatures in order to keep up with the latest threats. From the outset, the technology behind Ozone was designed to be highly flexible and able to prevent both known and unknown attacks.



Which operating systems does Ozone support?

Ozone supports Microsoft Windows 2000, Windows XP and Windows Server 2003.



Does Ozone protect against buffer overflows?

Yes, Ozone's memory protection ring is designed to provide transparent protection against memory related attacks such as buffer overflows.



How can Ozone stop unknown attacks?

Unlike reactive security products, such as anti-viruses and Intrusion Detection Systems (IDS), Ozone does not rely on constantly updating thousands of ‘bad behaviour’ signatures in order to keep up with the latest security threats.

Instead, Ozone enforces ‘good behaviour’ of both applications and users. Defining good behaviour is a much easier problem to solve, because both applications and users should only carry out a limited number of tasks, and anything outside that set is denied by default. For example, a web server such as Microsoft IIS would be allowed to listen on port 80 and serve web pages from its document root, but it would not be allowed to execute arbitrary programs or connect to arbitrary computers on the Internet.

Enforcing ‘good behaviour’ provides a much better security guarantee and represents a paradigm shift in the security field.



Does Ozone support role-based user management?

Yes, Ozone enables security managers to decide what each computer, application and user is allowed to do.

For example, a security manager can specify that user John Smith using computer #2 is allowed to access a corporate database, but is not allowed to connect to the Internet. Similarly, user Jane Brown using computer #13 is allowed to browse the Internet, but is not allowed to install any new applications or copy data onto USB removable drives.



Can Ozone notify me when a certain event takes place?

Yes, Ozone can provide detailed audit trails of all actions carried out by selected computers, users or applications.

For example, Ozone can log all attempts to access a certain file, database or website.

Ozone can also log executions of all programs or programs started by specific users.
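The three preceding answers describe one mechanism: a default-deny allow-list per program and per user-on-computer, with every decision written to an audit trail. The following Python model is an added illustration of that mechanism and is not Ozone's code or Security Architects' policy format; the program names, hosts, paths, rules and events are all constructed for the example. It enforces the IIS rule (listen on 80 and read the document root, nothing else), John's and Jane's rules from the role-based answer, and shows why a never-seen-before action, such as the web server spawning a shell, is denied without any signature for it. It also canonicalises file paths before matching, a check any real allow-list needs or `..\` traversal would satisfy a document-root rule while reaching outside it.

```python
"""Toy default-deny, process- and user-based access control with an audit trail.

Added illustration only (not Security Architects' Ozone code): every subject,
whether a program or a user@computer pair, carries an explicit allow-list of
(action, target) rules, and an operation succeeds only if BOTH the program and
the user are permitted to do it. There is no list of "bad" behaviours, so a
never-seen-before attack is denied simply because it was never allowed.
All program names, hosts, paths, rules and events are constructed.
"""
import ntpath
from dataclasses import dataclass
from fnmatch import fnmatchcase

FILE_ACTIONS = {"read", "write", "exec"}


@dataclass(frozen=True)
class Rule:
    action: str  # "listen", "connect", "read", "write", "exec", or "*" for any
    target: str  # fnmatch pattern over the resource: "tcp:80", "*:443", r"C:\inetpub\wwwroot\*"

    def permits(self, action: str, target: str) -> bool:
        return self.action in ("*", action) and fnmatchcase(target, self.target)


# Constructed policy. Subjects without an entry are allowed nothing.
POLICY = {
    # Web server: listen on 80 and read its document root. No exec, no outbound connect.
    "w3wp.exe": [Rule("listen", "tcp:80"), Rule("read", r"C:\inetpub\wwwroot\*")],
    "SYSTEM@web1": [Rule("*", "*")],  # service account; the program rules do the constraining
    # Client programs: what each program is capable of at all.
    "iexplore.exe": [Rule("connect", "*:80"), Rule("connect", "*:443")],
    "sqlclient.exe": [Rule("connect", "db.corp.example:1433")],
    "explorer.exe": [Rule("read", "*"), Rule("write", "*"), Rule("exec", "*")],
    # Users: what each person on each computer is permitted, on top of the program rules.
    # John on pc2 may reach the corporate database but has no Internet rule at all.
    "john@pc2": [Rule("connect", "db.corp.example:1433"), Rule("read", "*"),
                 Rule("write", r"C:\Users\john\*"), Rule("exec", r"C:\Program Files\*")],
    # Jane on pc13 may browse, but may neither run installers nor write to removable drives.
    "jane@pc13": [Rule("connect", "*:80"), Rule("connect", "*:443"), Rule("read", "*"),
                  Rule("write", r"C:\Users\jane\*"), Rule("exec", r"C:\Program Files\*")],
}


class Enforcer:
    def __init__(self, policy):
        self.policy = policy
        self.audit = []  # every decision, allowed or denied, is recorded

    def check(self, program, user_at_host, action, target):
        """Mediate one access request; checked once, at open/connect/exec time."""
        if action in FILE_ACTIONS:
            # Canonicalise before matching, otherwise r"C:\inetpub\wwwroot\..\..\x"
            # would satisfy the wwwroot\* rule while reaching outside the docroot.
            target = ntpath.normpath(target)
        allowed = all(
            any(r.permits(action, target) for r in self.policy.get(subject, ()))
            for subject in (program, user_at_host)
        )
        verdict = "ALLOW" if allowed else "DENY"
        self.audit.append((user_at_host, program, action, target, verdict))
        return allowed

    def denials(self):
        return [e for e in self.audit if e[-1] == "DENY"]


# Constructed event stream: the first five come from the web server, the rest from two users.
EVENTS = [
    ("w3wp.exe", "SYSTEM@web1", "listen", "tcp:80"),
    ("w3wp.exe", "SYSTEM@web1", "read", r"C:\inetpub\wwwroot\index.html"),
    # What a worm payload typically does next; none of it was ever allowed.
    ("w3wp.exe", "SYSTEM@web1", "exec", r"C:\Windows\System32\cmd.exe"),
    ("w3wp.exe", "SYSTEM@web1", "connect", "203.0.113.5:4444"),
    ("w3wp.exe", "SYSTEM@web1", "read", r"C:\inetpub\wwwroot\..\..\Windows\System32\config\SAM"),
    ("sqlclient.exe", "john@pc2", "connect", "db.corp.example:1433"),
    ("iexplore.exe", "john@pc2", "connect", "www.example.com:80"),  # browser could, John may not
    ("iexplore.exe", "jane@pc13", "connect", "www.example.com:443"),
    ("explorer.exe", "jane@pc13", "exec", r"C:\Users\jane\Downloads\setup.exe"),
    ("explorer.exe", "jane@pc13", "write", r"E:\quarterly-results.xlsx"),
]


def run_sample(events=EVENTS):
    """Return the verdict for each event in order plus the denied audit entries."""
    enforcer = Enforcer(POLICY)
    verdicts = ["ALLOW" if enforcer.check(*ev) else "DENY" for ev in events]
    return verdicts, enforcer.denials()


if __name__ == "__main__":
    verdicts, denied = run_sample()
    for ev, v in zip(EVENTS, verdicts):
        print(f"{v:5} {ev[1]:12} {ev[0]:14} {ev[2]:7} {ev[3]}")
    print(f"{len(denied)} of {len(EVENTS)} requests denied and logged")
```

Two design points carry over to any real enforcer of this kind. First, the decision is the intersection of the program's rules and the user's rules: Internet Explorer is allowed to connect to port 80, but John is not, so John's browsing is denied while Jane's is allowed with the same program policy. Second, the check happens once per open, connect or exec, and the audit entry records the canonicalised target, so the traversal attempt is logged as the file it actually reached for.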



Which applications does Ozone protect?

Ozone protects both client and server applications.

Protected client applications include (but are not limited to) Internet Explorer and Outlook, as well as other Internet-enabled applications such as web browsers (Netscape, Opera), media players (Windows Media Player, RealPlayer), instant messaging and peer-to-peer applications.

Protected server applications include (but are not limited to) various web servers (Microsoft IIS, Apache), mail servers (Microsoft Exchange), database servers (Microsoft SQL Server, Oracle) and terminal servers (Microsoft Terminal Server).

In addition to protecting all the above applications, Ozone can also protect 3rd party vendor software, as well as any in-house applications an organisation might have.



Does Ozone also protect the operating system?

Yes, Ozone’s system protection ring provides protection against low-level attacks such as privilege escalation and rootkit installation. These types of security problems can be abused by attackers to gain unauthorized privileges as well as install backdoors.



I use an anti-virus. Is that not enough?

Anti-virus products rely on a database of known viruses to protect computer systems. As new viruses emerge daily, there is always a window between a virus appearing and its signature being distributed, during which systems are unprotected.

Beyond depending on signatures of known viruses, anti-virus products do not protect computer systems from buffer overflows, malicious users or unauthorized data removal.

Unlike anti-virus products, Ozone does not rely on constantly updated signatures in order to keep up with the latest threats. From the outset, the technology behind Ozone was designed to be highly flexible and able to prevent both known and unknown attacks, control malicious users and safeguard data.



I use an Intrusion Detection System (IDS). Is that not enough?

Intrusion Detection Systems (IDS) suffer from a variety of flaws:

  • Use signatures to detect known attacks.

  • Unable to prevent attacks or contain the damage.

  • Require 24/7 monitoring by trained personnel.

  • Unable to decode encrypted sessions.

  • Unable to prevent local host attacks.

  • Unable to control what users do with their computer systems (e.g. add/remove applications).

  • Unable to control unauthorized removal of data (e.g. by means of removable USB drives).

  • Might not see the network traffic that belongs to dial-up and VPN sessions.

  • May drop packets, and therefore miss attacks, under heavy network traffic loads.

Unlike Intrusion Detection Systems, Ozone does not rely on signatures and is designed to prevent both known and unknown attacks. In addition, since Ozone agents run on the end hosts, they have access to all the information necessary to prevent local host attacks, control malicious users and safeguard all the data.



I use a firewall. Is that not enough?

Firewalls are used to filter network connections to and from computer systems.

They are commonly used to block all incoming connections to corporate networks. Nevertheless, recent worms still managed to infect internal computer systems. The worms did not break through the firewalls; they never passed through them at all, entering corporate networks over dial-up / VPN links or on unsecured mobile devices such as laptops.

Furthermore, firewalls cannot block all incoming network traffic as many servers such as web servers, mail servers and terminal servers still need to be accessible to the outside world. These open ports can then be accessed and attacked.

Unlike firewalls, Ozone agents are installed on the end hosts, where they see every access request regardless of the path it took to reach the machine. From the outset, the technology behind Ozone was designed to be highly flexible and able to prevent both known and unknown attacks.



I use a vulnerability scanner. Is that not enough?

Vulnerability scanners are used to identify security weaknesses in computer systems. These scanners rely on a database of known vulnerabilities to identify vulnerable systems.

As new vulnerabilities emerge daily, the database always lags behind: a system can be affected by a flaw the scanner does not yet know about, and a clean scan is no guarantee.

In addition, vulnerability scanners are unable to patch the vulnerable systems or protect them in any other way.

Unlike vulnerability scanners, Ozone agents are able to protect computer systems from both known and unknown attacks.



What is the difference between Network Intrusion Prevention Systems (NIPS) and Host Intrusion Prevention Systems (HIPS)?

Network Intrusion Prevention Systems (NIPS) monitor network traffic and look for signs of attacks.

They suffer from the same flaws as Intrusion Detection Systems, such as dropping packets under heavy network traffic loads and being unable to decode encrypted sessions.

In addition, the only source of information available to them is network traffic, which means they cannot prevent local host attacks, control what users do on their computer systems or control unauthorized removal of data (e.g. by means of removable USB drives).

Finally, just like firewalls, NIPS might not see the network traffic that belongs to dial-up and VPN sessions.

Unlike Network Intrusion Prevention Systems, Ozone is designed to prevent both known and unknown attacks. In addition, since Ozone agents run on the end hosts, they have access to all the information necessary to prevent local host attacks, control malicious users and safeguard all the data.



Can I download Ozone?

Yes!

You can now download the Ozone agent and its source code for free.

Copyright Security Architects.  ©  1999-2007. All rights reserved.