download powerpoint presentation here - netevents.tv
Post on 19-Oct-2014
Intrusion Prevention System (IPS) Tutorial
Intrusion Prevention Systems
Addressing ever changing and growing threat landscape
1. Blocking attacks in real time, including
– Worms, viruses, spyware, trojans, adware, phishing
– DDoS, O/S & network device attacks
– Application & Web application vulnerability attacks
– VoIP & SCADA attacks
– Limiting or blocking common apps like P2P & IM
2. To go in-line the IPS must deliver
– High Availability – Can’t take the network down
– High Performance with Low Latency – Can’t slow down application traffic
– Filter Accuracy – Cannot block legitimate traffic
– Ease of Use
In-Line, Automated Attack Blocking
[Figure: Dirty Traffic Goes In; Automatic Protection; Clean Traffic Comes Out]
In-Line Reliability
Ensuring network uptime is not compromised
• Dual Hot-Swappable Power Supplies
• Hitless TOS Upgrades (no downtime)
• Self-Monitoring Watchdog Timers
– Security and Management Engines
– Layer 2 switch fallback (can be manually forced)
• Auto Filter Control (AFC)
– Each filter monitored for performance
• Performance Protection (PP)
– Protects itself when performance levels exceeded
• Link Down Synchronization (LDS)
– Links mirrored, brought down together, prevents Black Hole routing
• Multiple Redundancy Options
– Active-Active, or Active-Passive
– No requirement to waste segments/ports
• No IP Address or MAC Address
• Transparent to Router Protocols
– HSRP, VRRP, OSPF, EIGRP, BGP
[Figure labels: Redundancy; High Availability]
Preserve high availability and security
In-Line Performance
Hardware, O/S and Filters designed for max performance

Product                          Inspected Throughput   Typical Inspected Latency
210E                             200 Mbps               < 1 millisecond
600E                             600 Mbps               < 84 microseconds
1200E                            1.2 Gbps               < 84 microseconds
2400E                            2.0 Gbps               < 84 microseconds
5000E                            5.0 Gbps               < 84 microseconds
Core Controller + IPS Solution   10.0 Gbps              < 30 microseconds

High inspected throughput with low latency
Filter Accuracy
Blocking all the bad and none of the good
Vulnerability filters deliver unsurpassed accuracy
[Figure labels: Vulnerability; False Positives (coarse filter); Standard IPS Exploit Filter for Exploit A; Exploit A; Exploit B (missed by Exploit Filter A); TippingPoint Vulnerability Filter]
[Chart values: 98%, 81%, 73%, 45%, 62%]
Staying Ahead of the Threats
2007 Microsoft vulnerability coverage
[Chart panels: Coverage; Speed of Coverage]
-68 days; 74/75 covered
Broad filter coverage and timely filter delivery
Ease of Use
Making IPS easy for IT and security staff
• Easy Installation
– Installs in minutes
– Out-of-the-box network protection
– Shipped with recommended filter settings
– No “learning” or false positive tuning
• Easy on-going Management
– Automatic threat blocking / network protection
– Automatic filter updates
– No manual security event follow-up
– No manual updates required
– Set and forget policy enforcement
• Automated Reports
– Concise, actionable management dashboard
– Automated reports for compliance audits
[Figure labels: Central Management Dashboard; Multiple Consoles Per SMS; Simple to Use Management Appliance; Manage Multiple Units; IPS; IPS; Core Controller]
Easy IPS Installation and Management
IPS Throughout the Network
[Figure: network diagram. Link speeds: 10Mbps – 1Gbps; 1Gbps – 10Gbps; nx1Gbps – nx10Gbps. Network elements: Remote Office, Office LAN, Wireless Campus, VPN Concentrator, VPN, Internet, DMZ, Access Switches, Distribution Switches, Web Servers, Windows & Linux Blades, Shared Storage, Shared Tape, Data Center (Core, Aggregation, Access). Devices: IPS; Core Controller / IPS. Callouts: Protect Remote Offices; Protect Core Network; Protect Web Apps & Servers; Protect Apps, Servers & Data; Protect WAN Perimeter; Protect Major Zones]
IPS Summary
• Provides automated, in-line security throughout the modern network
• Key criteria for in-line IPS solutions
• In-line Reliability - High Availability
• In-line Performance - Throughput with Low Latency
• Extreme Filter Accuracy
• Broad Filter Coverage
• Timely Filter Delivery
• Easy to Use
[Figure: Dirty Traffic Goes In; Clean Traffic Comes Out]