EL AL dumps IDS in bid to stop DoS attacks

Israel's airline El Al has replaced all its intrusion detection systems with intrusion prevention appliances - a move it says has cut the threat of worm and denial-of-service attacks.

Guy Balzam, a member of the airline's information security team, said the company had previously used RealSecure IDS systems from ISS. These were replaced earlier this year by an IPS appliance from V-Secure to protect the company website, and a further appliance to guard the company WAN.

"We get a lot of scans on the network, plus other attacks specific to us," Balzam said. "We were also hit by worm attacks, which prompted us to move to an intrusion prevention approach."

IDS, he said, was "not efficient, just good for providing stats." It provided no protection against zero-day attacks, which take advantage of vulnerabilities before companies have the chance to patch them.

Balzam said the appliances ran in detection mode for "a few months", to make sure it did not block legitimate traffic. "We just plugged them in and they were operational after a few hours."

He said false positives were running at an acceptable level, between two and four percent. "Our IDS systems gave us 80 percent false positives, " he said.

He said the IPS had blocked attempted denial-of-service attacks over the last few months, and had also prevented any further worm infections.

He added that a third IPS is now planned to provide protection from infections carried on removable media.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.