Intrusion Prevention System (IPS) Tutorial

Intrusion Prevention SystemsAddressing ever changing and growing threat landscape

1. Blocking attacks in real time including Worms, viruses, spyware, trojans, adware, phishing DDoS, O/S & network device attacks Application & Web application vulnerability attacks VoIP & SCADA attacks Limiting or blocking common apps like P2P & IM

2. To go in-line the IPS must deliver High Availability – Can’t take the network down High Performance with Low Latency – Can’t slow

down application traffic Filter Accuracy – Cannot block legitimate traffic Ease of Use

In-Line, Automated Attack BlockingIn-Line, Automated Attack Blocking

Dirty TrafficGoes In

Dirty TrafficGoes In

Clean TrafficComes Out

Clean TrafficComes Out

AutomaticProtection

In-Line ReliabilityEnsuring network uptime is not compromised

• Dual Hot-Swappable Power Supplies• Hitless TOS Upgrades (no downtime)• Self-Monitoring Watchdog Timers

– Security and Management Engines– Layer 2 switch fallback (can be manually forced)

• Auto Filter Control (AFC)– Each filter monitored for performance

• Performance Protection (PP)– Protects itself when performance levels exceeded

• Link Down Synchronization (LDS)– Links mirrored, brought down together, prevents

Black Hole routing

• Multiple Redundancy Options– Active-Active, or Active-Passive– No requirement to waste segments/ports

• No IP Address or MAC Address• Transparent to Router Protocols

– HSRP, VRRP, OSPF, EIGRP, BGP

RedundancyHigh Availability

Preserve high availability and security

Product Inspected Throughput

Typical Inspected Latency

210E 200 Mbps < 1 millisecond

600E 600 Mbps < 84 microseconds

1200E 1.2 Gbps < 84 microseconds

2400E 2.0 Gbps < 84 microseconds

5000E 5.0 Gbps < 84 microseconds

Core Controller + IPS Solution

10.0 Gbps < 30 microseconds

In-Line PerformanceHardware, O/S and Filters designed for max performance

High inspected throughput with low latency

Filter AccuracyBlocking all the bad and none of the good

Vulnerability filters deliver unsurpassed accuracy

Vulnerability

False Positives(coarse filter)

Standard IPS Exploit Filterfor Exploit A

Exploit A

Exploit B(missed by Exploit Filter A)

TippingPointVulnerability

Filter

98%98%

81%81%

73%73%

45%45%

62%62%

Staying Ahead of the Threats2007 Microsoft vulnerability coverage

Coverage Speed of Coverage

-68 days; 74/75 covered74/75 covered

Broad filter coverage and timely filter delivery

• Easy Installation– Installs in minutes– Out-of-the-box network protection– Shipped with recommended filter settings– No “learning” or false positive tuning

• Easy on-going Management– Automatic threat blocking / network

protection– Automatic filter updates– No manual security event follow-up– No manual updates required– Set and forget policy enforcement

• Automated Reports– Concise, actionable management

dashboard– Automated reports for compliance audits

Central Management Dashboard

Multiple ConsolesPer SMS

Simple to Use Management Appliance

Manage Multiple Units

Ease of UseMaking IPS easy for IT and security staffs

IPS IPSCore

Controller

Easy IPS Installation and Management

IPS Throughout the Network

10Mbps – 1Gbps 1Gbps – 10Gbps nx1Gbps – nx10Gbps

Shared Tape

Windows & Linux Blades

DMZAccess Switch

Access Switch

VPN Concentrat

or

Office LAN

Wireless Campus

Remote Office

Shared Storage

Web Servers

Data CenterCore

AggregationAccess

Distribution Switch

Distribution Switch

VPN

Internet

IPS

IPS

Protect Remote Offices

Protect Core

Network

Protect Web Apps & Servers

Protect Apps, Servers &

Data

Protect WAN

Perimeter

Core Controller / IPS

Protect Major Zones

Core Controller

/IPS

Core Controller

/ IPS

Core Controller / IPS

• Provides automated, in-line security throughout the modern network

• Key criteria for in-line IPS solutions• In-line Reliability - High Availability

• In-line Performance - Throughput with Low Latency

• Extreme Filter Accuracy

• Broad Filter Coverage

• Timely Filter Delivery

• Easy to Use

• Provides automated, in-line security throughout the modern network

• Key criteria for in-line IPS solutions• In-line Reliability - High Availability

• In-line Performance - Throughput with Low Latency

• Extreme Filter Accuracy

• Broad Filter Coverage

• Timely Filter Delivery

• Easy to Use

IPS Summary

Dirty TrafficGoes In

Dirty TrafficGoes In

Clean TrafficComes Out

Clean TrafficComes Out

Thank You

www.tippingpoint.com+1 888 TRUE IPS (+1 888 878 3477)