Managing Latency in IPS Networks

Application Note, Revision B
McAfee Network Security Platform

McAfee Network Security Platform provides a set of pre-defined recommended settings with which you can begin monitoring traffic immediately after adding a Sensor to your network. However, to realize the complete effectiveness of the Sensor, optimal policy tuning on the Sensor is necessary. McAfee provides a considerable amount of configuration flexibility on its Sensors to enable you to tune policies for proactive blocking and reduced false positives.

Once the Sensor starts monitoring your network traffic, the next concern is the Sensor's performance. Continuous stateful inspection of network packets is bound to have an impact on performance. For an inline device, the key performance metrics are attack coverage, throughput, load balancing, latency, and scalability. To balance the trade-off between security effectiveness and performance, McAfee Network Security Platform provides several configurable options to balance the traffic load with minimal latency.

Latency through the Sensor can vary significantly based on packet size, complexity of protocol, or presence of attack traffic. Average latency through the Sensor is typically observed under 1 millisecond in real-world networks.

This document helps you identify the options to consider while deploying the Sensor inline in your network, to maximize attack coverage with optimal performance and minimal latency. McAfee recommends a 5-step approach to manage latency, as depicted in the figure below.

1 Select the right Sensor model

Each Sensor model has a throughput limit. For example, the M-2850 Sensor is rated at 600 Mbps performance. If the Sensor begins to see more than 600 Mbps of traffic, it may not keep up with the traffic and may introduce latency. It is important that you stay within the operating parameters of the device you deploy. If you are running traffic at gigabit speeds, then use an M-3050/M-4050/M-6050/M-8000/NS9x00/NS7x00 Sensor, which has a much higher throughput.

The following tables provide the throughput, number of connections, and average latency for different Sensor models:

NS-series:
Maximum Type
Aggregate Performance
Max Throughput with test equipment sending UDP packet size of 1512 Bytes
NS9300 NS9200 NS9100 NS7300 NS7200 NS
up to 70 up to 35 up to 30 up to 15 up to 10 up to 5

Maximum Type
Concurrent Connections
Connections established per second
Default number of supported UDP Flows
Supported UDP Flows maximum
Supported UDP Flows minimum
Latency (Average UDP per packet Latency)
NS9300 NS9200 NS9100 NS7300 NS7200 NS ,000,000 16,000,000 13,000,000 10,000,000 5,000,000 3,000,000
1,000, , , , , , , , , , , ,000
12,000,000 6,000,000 6,000,000 3,000,000 3,000,000 3,000,000
1,000 1,000 1,000 1,000 1,000 1,000
<100 µs <100 µs <100 µs <100 µs <100 µs <100 µs

Virtual IPS:
Maximum Type    IPS-VM600    IPS-VM100
Aggregate Performance    600 Mbps    100 Mbps
Maximum throughput with test equipment sending UDP packet size of 1518 bytes    Up to 1    Up to 150 Mbps
Concurrent connections    600, ,000
Connections established per second    20,000    6,000
Default number of supported UDP Flows    25,000    10,000
Supported UDP Flows    254,208    39,168
Latency (Average UDP per packet Latency)

M-series:
Maximum Type
Aggregate Performance
Maximum throughput with test equipment sending UDP packet size of 1518 bytes
Concurrent connections
Connections established per sec.
M-8000 M-6050 M-4050 M-3050 M-2950 M-2850 M-1450 M
Mbps Up to 20 Up to 10 Up to 4 Up to 2.5 Up to 1.5 Up to Mbps Up to 300 Mbps 100 Mbps Up to 150 Mbps
5,000,000 2,500,000 2,000,000 1,000, , ,000 80,000 40, ,000 60,000 36,000 18,000 15,000 10,000 4,000 2,000

Maximum Type
Default number of supported UDP Flows
Supported UDP Flows
Latency (Average UDP per packet Latency)
M-8000 M-6050 M-4050 M-3050 M-2950 M-2850 M-1450 M
, , ,000 50,000 50,000 25,000 10,000 5,000
3,000,000 1,500, , , , ,500 60,000 30,000

2 Select the right IPS policy

When you first add a Sensor inline in your network, start your policy configuration by applying either the Default Inline IPS or Default IDS or Default IPS Attack Settings policy under Policy <Admin Domain Name> Intrusion Prevention IPS Policies. This enables you to begin monitoring your network immediately. Subsequently, pick the policy that best matches your needs, and clone the policy. Then remove any irrelevant attacks, add any additional attacks, and configure appropriate response actions to respond to detected attacks.

Some false positives and irrelevant alerts can occur for the first 3 to 4 weeks. Tune your policies to delete attacks that do not apply to your environment, to reduce the number of insignificant alerts generated by your Sensors. For example, if you use only Apache Web servers, you may wish to disable IIS-related attacks.

While deploying the Sensors inline on high throughput networks, it is not recommended to use the All-Inclusive without audit and All-Inclusive with audit policies. While these policies enable you to fully analyze your network traffic, they include many audit signatures, which alert on benign traffic. A very high alert volume causes latency in your network.

3 Tune your policies to suit your network

Consider the following options to better tune your IPS policies in McAfee Network Security Platform.

3.1 Custom Signatures

McAfee Network Security Platform allows you to create custom attacks in McAfee's proprietary format as well as using the Snort rules language. However, creating a custom attack can sometimes be tricky. For instance, a mistake in the implementation of a signature on a high traffic network could cause a large number of alerts to be generated. Create custom signatures under Policy <Admin Domain Name> Intrusion Prevention Advanced Custom Attacks using the following best practices:

- Verify that the custom attack you intend to create does not duplicate any attack provided by McAfee Network Security Platform. In case of a duplicate, you have the flexibility to use both or just the custom attack instead of the McAfee supplied attack. If you choose to use both, then note that the Sensor raises two alerts for the same attack traffic.
- If the pattern your signature searches for occurs too often in the network traffic being analyzed, checking each match to determine whether it fulfills a signature condition reduces Sensor performance.
- Avoid using many L3/L4 fixed-field tests in the custom signature, since these are examined in the IP/TCP/UDP header of each packet.
- Avoid using very common strings that every flow/packet contains, such as ".com" in HTTP traffic.
- If you have configured multiple interfaces on the Sensor, wherein one interface is using All Inclusive with Audit while another interface is using Default Inline IPS, the All Inclusive with Audit policy gets preference and is applied to the Sensor. This causes performance/latency issues. It is recommended that you apply the Default Inline IPS policy on all interfaces to improve performance and avoid latency.
- Avoid single-byte or two-byte string match tokens in the custom signatures.
- Remove the attacks that have wrong detection logic and may never be triggered. For example, a signature to check dest-ip=" " AND dest-ip=" ".

3.2 HTTP Response Scanning

Based on the needs of your organization, you can enable HTTP response inspection for inbound traffic, outbound traffic, or both directions. To enable HTTP response scanning, go to Policy <Admin Domain Name> Intrusion Prevention Policy manager. In the Interfaces tab, double-click the interface for which you want to enable the response scanning. The <Device Name/Interface> panel opens on the right side. In the Inspection Options section, click the edit icon to edit the already applied policy. The Inspection Options page opens. In the Traffic Inspection tab, under HTTP, select the direction in which you want to enable scanning from the HTTP Response Traffic Scanning drop-down.

However, to minimize the potential performance impact on the Sensor:
- McAfee recommends that you enable HTTP response processing on the outbound traffic.
- Consider enabling HTTP response on the inbound traffic only if you suspect that your internal Web Server is/could be compromised.

3.3 Non-standard Ports

Network Security Platform detects threats for certain standard protocols irrespective of which ports they run on. However, if a non-standard port is used in your network for a standard protocol, configure the port number under Policy <Admin Domain Name> Intrusion Prevention Advanced Non Standard Ports to reduce latency caused by re-routing of necessary traffic due to the non-standard port number. For example, HTTP by default uses port 80 or 8080; therefore, a Sensor reading a packet with port 80 or 8080 attempts to decode that traffic as HTTP traffic. However, if you are running an HTTP server on port 2560, then configure this as the non-standard port for HTTP on the Manager. Avoid configuring the port number for one standard protocol as a non-standard port for another protocol.
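
The section 3.1 guidance on custom signatures (avoid one- and two-byte tokens, very common strings such as ".com", and many L3/L4 fixed-field tests) can be checked before a Snort-format rule is deployed. The following is an added example, not McAfee code: a small Python linter whose thresholds, word list beyond ".com", and sample rules are assumptions constructed for illustration.

```python
import re

# Added example: thresholds and word lists are assumptions, not product values.
MIN_CONTENT_BYTES = 3   # the page warns against one- and two-byte tokens
MAX_HEADER_TESTS = 3    # assumed cut-off for "many" L3/L4 fixed-field tests
# ".com" is the page's own example; the other entries are assumed additions.
COMMON_STRINGS = {b".com", b"http", b"get ", b"http/1.1"}
# Snort options that compare fixed IP/TCP/ICMP header fields on each packet.
HEADER_FIELD_OPTIONS = {
    "ttl", "tos", "id", "ipopts", "fragbits", "fragoffset", "ip_proto",
    "flags", "seq", "ack", "window", "itype", "icode",
}

# Constructed sample rules (not taken from any product or rule set).
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"constructed: two-byte token"; content:"|0d 0a|"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed: common string"; content:".com"; nocase; sid:1000002; rev:1;)
alert tcp any any -> any any (msg:"constructed: header heavy"; ttl:64; tos:0; id:1; flags:S; window:1024; content:"example-marker"; sid:1000003; rev:1;)
alert tcp any any -> any 8080 (msg:"constructed: specific token\; ok"; content:"X-Example-Header|3a 20|unusual-value"; sid:1000004; rev:1;)
'''


def split_options(body):
    """Split a rule's option body on ';', honouring quotes and backslash escapes."""
    raw, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == '"':
            cur.append(ch)
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            raw.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    raw.append("".join(cur).strip())
    options = []
    for opt in filter(None, raw):
        name, _, value = opt.partition(":")
        options.append((name.strip(), value.strip()))
    return options


def decode_content(value):
    """Turn a content value such as "abc|0d 0a|" into the bytes it matches."""
    m = re.search(r'"((?:\\.|[^"\\])*)"', value)
    if not m:
        return b""
    out = bytearray()
    for i, part in enumerate(m.group(1).split("|")):
        if i % 2:  # odd segments sit between pipes and hold hex bytes
            out += bytes.fromhex(part.replace(" ", ""))
        else:      # even segments are literal text with backslash escapes
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return bytes(out)


def lint_rule(rule):
    """Return (sid, findings) for one rule; findings are (code, detail) pairs."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end <= start:
        return None, [("unparseable", "no option body found")]
    options = split_options(rule[start + 1:end])
    sid = next((v for n, v in options if n == "sid"), None)
    findings = []
    for name, value in options:
        if name != "content":
            continue
        token = decode_content(value)
        if 0 < len(token) < MIN_CONTENT_BYTES:
            findings.append(("short-token", f"{len(token)}-byte match {token!r}"))
        if token.lower() in COMMON_STRINGS:
            findings.append(("common-string", f"{token!r} occurs in most flows"))
    header_tests = [n for n, _ in options if n in HEADER_FIELD_OPTIONS]
    if len(header_tests) > MAX_HEADER_TESTS:
        findings.append(("header-tests", f"{len(header_tests)} fixed-field tests"))
    return sid, findings


def lint_ruleset(text):
    """Lint every non-blank, non-comment line; return {sid: findings}."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            sid, findings = lint_rule(line)
            report[sid] = findings
    return report


if __name__ == "__main__":
    for sid, findings in lint_ruleset(SAMPLE_RULES).items():
        print(sid, findings or "ok")
```
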

3.4 Latency Monitoring

Latency monitor is configured in either of the following modes to take action when high latency is observed:
- Issue latency-monitor enable action alert-only to generate an alert when high latency is observed at the Sensor.
- Issue latency-monitor enable action layer2-forward to generate an alert and also forward the traffic to layer 2.

You can view these alerts in the Real-Time Threat Analyzer of the Manager.

You can use the following CLI commands to enable the latency monitor feature, set its sensitivity level, and check its status:

latency-monitor enable action

Enables latency monitoring in the Sensor and also specifies the action to be performed if high latency is observed in the Sensor. The following actions can be specified in this command:
- alert-only (generates an alert when high latency is observed in the Sensor)
- put-in-layer2 (generates an alert and also forwards the traffic to layer 2)

Alerts that are generated can be seen in the System faults page in the Manager.

Syntax:
latency-monitor enable action <alert-only | put-in-layer2>

This command should be executed with a parameter value, else the command is treated as invalid.

If layer2-forward is enabled, it is necessary to set the layer 2 mode to be on. Otherwise the layer2-forward action does not get executed.

Example:
latency-monitor enable action alert-only

latency-monitor sensitivity-level

Configures the sensitivity level for latency management.

Syntax:
latency-monitor sensitivity-level high
latency-monitor sensitivity-level medium
latency-monitor sensitivity-level low

latency-monitor restore-inline

When high latency is observed on the Sensor and the latency monitor is configured, the Sensor remains in layer 2 until a layer2 mode deassert is invoked or the Sensor reboots. This command allows the Sensor to come out of layer 2 mode without a layer 2 deassert. The Sensor restores to inline from layer 2 if the following conditions are met:
- The latency monitor has put the Sensor in layer 2 mode.
- The Sensor is in good health. If the Sensor is in bad health, a deassert cannot be performed and the Sensor reboots.
- A substantial amount of time has lapsed, as configured using this command, since the Sensor went into layer 2 due to latency. The default time to trigger an automatic layer 2 deassert is 10 minutes.

If the latency continues to exist after the Sensor is restored to inline mode, the Sensor behaves according to the current setting of the latency monitor.

Syntax:
latency-monitor restore-inline enable <10-60>
latency-monitor restore-inline disable

Parameter: <10-60>
Description: The time in minutes to trigger the restore inline from layer 2. It is counted from the time the Sensor moved into layer 2 state due to high latency.

The latency-monitor status command displays the status of the latency monitor feature, and the status of the restore-inline feature of the latency monitor.

latency-monitor

Disables the latency monitoring feature or displays the status of the latency monitoring feature.

Syntax:
latency-monitor <disable | status>

Default Value: Latency monitoring feature is disabled by default. If disabled, the latency monitoring feature neither generates an alert nor forwards the traffic to layer 2 when high latency is observed.

If latency monitoring is enabled, the following information is displayed:
- latency monitoring status (enable or disable)
- configured action (alert-only or layer2-forward)

3.5 Packet Logging

A large amount of packet logging adversely affects Sensor performance. On a high throughput network, it is advisable to stick to the default or disable packet logs for alerts that are not required.

3.6 Scanning Exceptions

There could be certain traffic that you want the Sensor to allow or block without deeper inspection.

Configure stateless access rules to bypass inspection for trusted high throughput applications like database backups. The Sensor allows or blocks packets based only on the L4 information in those packets, thereby saving time and resources.

Configure scanning exceptions to bypass scanning of traffic from a configured VLAN, TCP, or UDP port. Once set, these rules take precedence over Firewall access rules. [Failover ports and M 8000 interconnect ports cannot be configured for scanning exceptions.] You can configure scanning exceptions under Devices <Admin Domain Name> Devices <Device Name> Setup Advanced Stateless Scanning Exception.

3.7 Access Rules for Fragmented Traffic

Configure access rules for fragmented traffic to selectively specify rules for a host (or network) based on which the Sensor skips reassembly handling of the fragmented traffic. This helps in decreasing the latency of the fragmented traffic for the specified network or host.

Use this feature only with a trusted host and only if you are receiving an extremely high amount of fragmented traffic. For example, use access rules for fragmented traffic if your NFS server is sending a huge amount of fragmented traffic through your Sensor. Applying this feature to traffic from an unknown host can allow evasion using IP fragments.

All fragmented traffic is reassembled prior to processing if the traffic does not match any access rules configured for fragmented traffic. Also note the following:
- You can use access rules for fragmented traffic only with TCP flow violation set to Permit out-of-order.
- Syn cookie should not be used when access rules for fragmented traffic are applied.
- Firewall logging is not supported when access rules are configured for fragmented traffic.

3.8 Layer 7 Data Collection

If you have layer 7 data collection enabled under Devices <Admin Domain Name> Devices <Device Name> Setup Advanced L7 Data Collection, then disable protocols or specific fields within a protocol. This optimizes the Sensor performance.

3.9 Heuristic Web Application Server Protection

If you have configured Policy <Admin Domain Name> Intrusion Prevention Inspection Options Policies, then configure only the critical Website paths that you want to protect, as it affects Sensor performance.

Advanced Traffic Inspection

Configure inspection for advanced evasions only if necessary under Policy <Admin Domain Name> Intrusion Prevention Inspection Options Policies. On a deployment with a high percentage of good traffic and some traffic that uses evasions, the Sensor throughput could drop.

4 Monitor Sensor Performance

Once you have configured/customized your policies, use the Manager to monitor the Sensor performance to detect early signs of performance/latency issues in your network.

4.1 Monitor via CLI

Use the following CLI commands to monitor Sensor performance.

4.1.1 show sensor-load

Syntax:
show sensor-load

Run the show sensor-load command to view the following statistics:
- the average load of traffic on the Sensor processing elements
- maximum load of traffic seen on each Sensor processing element

show mem-usage

Syntax:
show mem-usage

Run the show mem-usage command to review the following counts:
- Avg. Used TCP and UDP Flows across all PEs
- Max. Used TCP and UDP Flows on a single PE
- Avg. Used Fragmented IP Flows across all PEs
- Max. Used Fragmented IP Flows on a single PE
- Avg. Used ICMP Flows across all PEs
- Max. Used ICMP Flows on a single PE
- Avg. Used SSL Flows across all PEs
- Max. Used SSL Flows on a single PE
- Avg. Used Fragment Reassembly Buffers across all PEs
- Max. Used Fragment Reassembly Buffers on a single PE
- Avg. Used Packet Buffers across all PEs
- Max. Used Packet Buffers on a single PE
- Avg. Used Attack Marker Nodes across all PEs
- Max. Used Attack Marker Nodes on a single PE
- Avg. Used Shell Marker Nodes across all PEs
- Max. Used Shell Marker Nodes on a single PE
- Avg. Used L7 Dcap Alert Buffers across all PEs
- Max. Used L7 Dcap Alert Buffers on a single PE
- Avg. Used L7 Dcap flows across all PEs
- Max. Used L7 Dcap flows on a single PE

show inlinepktdropstat <port>

Syntax:
show inlinepktdropstat <port>

Run the show inlinepktdropstat command to know how many packets are dropped at the Sensor port. Information displayed includes the count for each of the following categories:
- IP checksum errors
- TCP checksum errors
- UDP checksum errors
- ICMP checksum errors
- ACL-related packets dropped
- Out-Of-Context/Bad packets dropped
- Sensor cold-start-related packets dropped
- Off/HdrLen error packets dropped
- Dropped attack packets (that is, blocked packets)
- IP reassembly timeout packets dropped
- TCP Out-Of-Order timeout packets dropped
- Dropped packets containing TCP protocol errors
- Dropped packets containing UDP protocol errors
- Dropped packets containing ICMP protocol errors
- Dropped packets containing IP protocol errors
- Packets dropped due to the Sensor being out of resources
- Dropped packets containing CRC errors
- Dropped IP-spoofed packets
- ICMPv6 checksum error drop count
- IPv6 reassembly timeout drop count
- ICMPv6 Protocol error drop count
- IPv6 Protocol error drop count
- Host Quarantine IPv4 packet drop count
- Host Quarantine IPv6 packet drop count
- Other Layer-2 error packets dropped
- IP sanity check packets dropped
- IPv6 sanity check packets dropped
- Total IP No Credit Packets dropped
- Total Rate Limit Packets dropped

sensor-datapath-stat-analysis show

Syntax:
sensor-datapath-stat-analysis show

Run the sensor-datapath-stat-analysis show command to view a list of Sensor statistics that affect latency:
- Total packets received
- Total TCP packets
- Total UDP packets
- Total non TCP/UDP packets
- Total fragments
- Total duplicate fragments
- Total attack detected
- Total alert generated
- Total alerts dropped without response
- Total alerts dropped because of filter setting
- Total logs sent
- Total packets matching L3/L4 UDS
- Policy Ruleset on Sensor

**Analysis of the statistics**
- Attack dropped without response action
- Non TCP/UDP Traffic
- Attack dropped because of filter setting
- Traffic matching L3/L4 UDS
- Traffic detected with attack
- Count of fragments
- Fragmented traffic
- Percentage of logs to alerts sent
- TCP Traffic
- Snort signature support
- UDP Traffic

4.2 Monitor via Manager

Use the Threat Analyzer and System Faults pages in the Manager to monitor Sensor performance in your network.

Threat Analyzer Dashboards

In the Manager, set the thresholds and enable alarms for Sensor performance under Devices <Admin Domain Name> Devices <Device Name> Troubleshooting Performance Monitoring. Once the thresholds are configured, the core Sensor performance metrics are monitored using the Threat Analyzer. Metrics such as Utilization-Device TCP/UDP Flow, Utilization-Device Throughput, Status of Activities, and Operational Status Summary are displayed in the default NSP Health dashboard. You can also create custom dashboards and monitors to view various other Sensor statistics:
- Statistics Flows: TCP and UDP flow data processed by a device. Checking your flow rates can help you determine if your device is processing traffic normally, while also providing you with statistics such as the maximum number of flows supported and the number of active TCP and UDP flows.
- Statistics IP Spoofing: Number of IP spoofing attacks detected by the Sensor. Statistics are displayed per direction.

- Statistics Malware: Malware detected for a given device.
- Statistics Port Packet Drops: Packet drop rate on an interface.
- Statistics Rate Limiting: Estimated number of packets dropped/bytes dropped by the device. You can view rate limiting statistics for each device (per interface), listed under the Devices tab.
- Statistics Rx/TX: Total number of packets received (Rx) and transmitted (Tx) for a given device.
- Statistics Device Packet Drops: Packet drop rate on a device. The statistics are displayed on a per device basis. The statistics include the count of packets dropped by a device due to the configured rate limiting and sanity check failures.

Operational Status Faults

From the Manager Dashboard page, click any fault in the System Health monitor to view the faults in the System Faults page. Watch out for performance and latency related faults:

Fault Name: Device in high latency mode
Action: The device attempts to automatically recover from the high latency condition.

Fault Name: Device latency monitoring configuration is conflicting with layer 2 monitoring configuration
Action: Disable moving Sensor to layer 2 bypass mode on high latency or enable layer 2 pass through monitoring.

Fault Name: Device performance <Utilization - Device CPU, Utilization - Device TCP/UDP Flows, Utilization - Device Throughput, Utilization - Port Throughput>
Action: Check the Sensor, and tune your policies to bring the affected metric below the configured threshold level.

Number of Alerts

If you are receiving the Sensor: Attack Marker Resources Exhausted alerts in high volume, then monitor the percentages reported for attack marker nodes and the load on the Sensor via the Sensor CLI interface. If the latency continues, tune your policies to bring down the latency experienced.

Copyright 2015 McAfee, Inc. Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.


More information

Best Practices Guide Revision E. McAfee Network Security Platform 8.1

Best Practices Guide Revision E. McAfee Network Security Platform 8.1 Best Practices Guide Revision E McAfee Network Security Platform 8.1 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

More information

McAfee Advanced Threat Defense 3.4.8

McAfee Advanced Threat Defense 3.4.8 3.4.8.142 Hotfix Release Notes McAfee Advanced Threat Defense 3.4.8 Revision A Contents About this release New features Enhancements Resolved issues Installation and upgrade notes Known issues Product

More information

NMS300 Network Management System

NMS300 Network Management System NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate

More information

Introducing FortiDDoS. Mar, 2013

Introducing FortiDDoS. Mar, 2013 Introducing FortiDDoS Mar, 2013 Introducing FortiDDoS Hardware Accelerated DDoS Defense Intent Based Protection Uses the newest member of the FortiASIC family, FortiASIC-TP TM Rate Based Detection Inline

More information

Setting up Microsoft Office 365

Setting up Microsoft Office 365 Setup Guide Revision F Using McAfee SaaS Email Protection to Secure Exchange Online in Microsoft Office 365 Setting up Microsoft Office 365 Use this guide to configure Microsoft Office 365 and Microsoft

More information

Link Load Balancing 2015-04-28 08:50:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Link Load Balancing 2015-04-28 08:50:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Link Load Balancing 2015-04-28 08:50:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Link Load Balancing... 3 Link Load Balancing... 4 Configuring

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Firewall. Vyatta System. REFERENCE GUIDE IPv4 Firewall IPv6 Firewall Zone Based Firewall VYATTA, INC.

Firewall. Vyatta System. REFERENCE GUIDE IPv4 Firewall IPv6 Firewall Zone Based Firewall VYATTA, INC. VYATTA, INC. Vyatta System Firewall REFERENCE GUIDE IPv4 Firewall IPv6 Firewall Zone Based Firewall Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com 650 413 7200 1 888 VYATTA 1 (US and

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

Sourcefire Defense Center TM

Sourcefire Defense Center TM Sourcefire TM Sourcefire Capabilities Store up to 100,000,000 security & host events, including packet data Centralized policy & sensor management Centralized audit logging of configuration & security

More information

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to

More information

Addendum I to 7.1 Documentation. McAfee Network Security Platform 7.1

Addendum I to 7.1 Documentation. McAfee Network Security Platform 7.1 Addendum I to 7.1 Documentation McAfee Network Security Platform 7.1 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active

More information

SecureIT Plus Firewall Features and Functionality

SecureIT Plus Firewall Features and Functionality SecureIT Plus Firewall Features and Functionality Iowa Network Services SecureIT Plus Firewall Page 1 of 11 1.1 Enabling Firewall 1.1.1 Main Settings Once you have installed the firewall and have rebooted

More information

Configuring Security for FTP Traffic

Configuring Security for FTP Traffic 2 Configuring Security for FTP Traffic Securing FTP traffic Creating a security profile for FTP traffic Configuring a local traffic FTP profile Assigning an FTP security profile to a local traffic FTP

More information

Firewall. Vyatta System. REFERENCE GUIDE IPv4 Firewall IPv6 Firewall Zone Based Firewall VYATTA, INC.

Firewall. Vyatta System. REFERENCE GUIDE IPv4 Firewall IPv6 Firewall Zone Based Firewall VYATTA, INC. VYATTA, INC. Vyatta System Firewall REFERENCE GUIDE IPv4 Firewall IPv6 Firewall Zone Based Firewall Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com 650 413 7200 1 888 VYATTA 1 (US and

More information

642 523 Securing Networks with PIX and ASA

642 523 Securing Networks with PIX and ASA 642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall

More information

Virtual Fragmentation Reassembly

Virtual Fragmentation Reassembly Virtual Fragmentation Reassembly Currently, the Cisco IOS Firewall specifically context-based access control (CBAC) and the intrusion detection system (IDS) cannot identify the contents of the IP fragments

More information

Nimsoft Monitor. dns_response Guide. v1.6 series

Nimsoft Monitor. dns_response Guide. v1.6 series Nimsoft Monitor dns_response Guide v1.6 series CA Nimsoft Monitor Copyright Notice This online help system (the "System") is for your informational purposes only and is subject to change or withdrawal

More information

Fail-Safe IPS Integration with Bypass Technology

Fail-Safe IPS Integration with Bypass Technology Summary Threats that require the installation, redeployment or upgrade of in-line IPS appliances often affect uptime on business critical links. Organizations are demanding solutions that prevent disruptive

More information

Network Agent Quick Start

Network Agent Quick Start Network Agent Quick Start Topic 50500 Network Agent Quick Start Updated 17-Sep-2013 Applies To: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8 Websense

More information

McAfee Network Security Platform A uniquely intelligent approach to network security

McAfee Network Security Platform A uniquely intelligent approach to network security McAfee Network Security Platform A uniquely intelligent approach to network security Key Advantages Unparalleled threat prevention Next-generation architecture. Advanced botnet and malware callback detection.

More information

Intrusion Detection in AlienVault

Intrusion Detection in AlienVault Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat

More information

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

System Status Monitoring Guide. McAfee Network Security Platform 6.1

System Status Monitoring Guide. McAfee Network Security Platform 6.1 System Status Monitoring Guide McAfee Network Security Platform 6.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored

More information

FortiDDos Size isn t everything

FortiDDos Size isn t everything FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One

More information

Protecting the Infrastructure: Symantec Web Gateway

Protecting the Infrastructure: Symantec Web Gateway Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options

More information

Freshservice Discovery Probe User Guide

Freshservice Discovery Probe User Guide Freshservice Discovery Probe User Guide 1. What is Freshservice Discovery Probe? 1.1 What details does Probe fetch? 1.2 How does Probe fetch the information? 2. What are the minimum system requirements

More information

FortKnox Personal Firewall

FortKnox Personal Firewall FortKnox Personal Firewall User Manual Document version 1.4 EN ( 15. 9. 2009 ) Copyright (c) 2007-2009 NETGATE Technologies s.r.o. All rights reserved. This product uses compression library zlib Copyright

More information

Installation and configuration guide

Installation and configuration guide Installation and Configuration Guide Installation and configuration guide Adding X-Forwarded-For support to Forward and Reverse Proxy TMG Servers Published: May 2010 Applies to: Winfrasoft X-Forwarded-For

More information

Integration with CA Transaction Impact Monitor

Integration with CA Transaction Impact Monitor Integration with CA Transaction Impact Monitor CA Application Delivery Analysis Multi-Port Monitor Version 10.1 This Documentation, which includes embedded help systems and electronically distributed materials,

More information

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with

More information

Load Balancing IBM Lotus Instant Messaging and Web Conferencing Servers with F5 Networks BIG-IP System

Load Balancing IBM Lotus Instant Messaging and Web Conferencing Servers with F5 Networks BIG-IP System Load Balancing IBM Lotus Instant Messaging and Web Conferencing Servers with F5 Networks BIG-IP System Introducing BIG-IP load balancing for IBM Lotus Instant Messaging and Web Conferencing servers Configuring

More information

FIREWALLS & CBAC. philip.heimer@hh.se

FIREWALLS & CBAC. philip.heimer@hh.se FIREWALLS & CBAC philip.heimer@hh.se Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that

More information

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection

Technical Series. A Prolexic White Paper. Firewalls: Limitations When Applied to DDoS Protection A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial

More information

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent? What is Network Agent? The Websense Network Agent software component uses sniffer technology to monitor all of the internet traffic on the network machines that you assign to it. Network Agent filters

More information

Application DDoS Mitigation

Application DDoS Mitigation Application DDoS Mitigation Revision A 2014, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Volumetric vs. Application Denial of Service Attacks... 3 Volumetric DoS Mitigation...

More information

Load Balancing. FortiOS Handbook v3 for FortiOS 4.0 MR3

Load Balancing. FortiOS Handbook v3 for FortiOS 4.0 MR3 Load Balancing FortiOS Handbook v3 for FortiOS 4.0 MR3 FortiOS Handbook Load Balancing v3 8 February 2012 01-431-99686-20120208 Copyright 2012 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and

More information

Firewalls and Intrusion Detection Systems. Advanced Computer Networks

Firewalls and Intrusion Detection Systems. Advanced Computer Networks Firewalls and Intrusion Detection Systems Advanced Computer Networks Firewalls & IDS Outline Firewalls Stateless packet filtering Stateful packet filtering Access Control Lists Application Gateways Intrusion

More information

CA Nimsoft Monitor. Probe Guide for Apache HTTP Server Monitoring. apache v1.5 series

CA Nimsoft Monitor. Probe Guide for Apache HTTP Server Monitoring. apache v1.5 series CA Nimsoft Monitor Probe Guide for Apache HTTP Server Monitoring apache v1.5 series Legal Notices This online help system (the "System") is for your informational purposes only and is subject to change

More information

INTRODUCTION TO FIREWALL SECURITY

INTRODUCTION TO FIREWALL SECURITY INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ

More information

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1 Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the

More information

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform

Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform TECHNICAL BRIEF: BEST PRACTICES GUIDE FOR RUNNING SEP ON.... AZURE.................................... Best Practices for Running Symantec Endpoint Protection 12.1 on the Microsoft Azure Platform Who should

More information

Panorama High Availability

Panorama High Availability Panorama High Availability Palo Alto Networks Panorama Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054

More information

Network Security 2. Module 2 Configure Network Intrusion Detection and Prevention

Network Security 2. Module 2 Configure Network Intrusion Detection and Prevention 1 1 Network Security 2 Module 2 Configure Network Intrusion Detection and Prevention 2 Learning Objectives 2.1 Cisco IOS Intrusion Prevention System 2.2 Configure Attack Guards on the PIX Security Appliance

More information

Customer Service Description Next Generation Network Firewall

Customer Service Description Next Generation Network Firewall Customer Service Description Next Generation Network Firewall Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Interoute Communications Limited

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline

More information

DEPLOYMENT GUIDE Version 1.1. DNS Traffic Management using the BIG-IP Local Traffic Manager

DEPLOYMENT GUIDE Version 1.1. DNS Traffic Management using the BIG-IP Local Traffic Manager DEPLOYMENT GUIDE Version 1.1 DNS Traffic Management using the BIG-IP Local Traffic Manager Table of Contents Table of Contents Introducing DNS server traffic management with the BIG-IP LTM Prerequisites

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering The ProSafe VPN Firewall 50 provides you with Web content filtering options such as Block Sites and Keyword Blocking. Parents and network administrators

More information

McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course

McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course The McAfee University Application Control / Change Control Administration course enables

More information

Introducing the BIG-IP and SharePoint Portal Server 2003 configuration

Introducing the BIG-IP and SharePoint Portal Server 2003 configuration Deployment Guide Deploying Microsoft SharePoint Portal Server 2003 and the F5 BIG-IP System Introducing the BIG-IP and SharePoint Portal Server 2003 configuration F5 and Microsoft have collaborated on

More information

Installation and configuration guide

Installation and configuration guide Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started Getting Started Symantec Client Security About Security Security provides scalable, cross-platform firewall, intrusion prevention, and antivirus protection for workstations and antivirus protection for

More information

Passive Logging. Intrusion Detection System (IDS): Software that automates this process

Passive Logging. Intrusion Detection System (IDS): Software that automates this process Passive Logging Intrusion Detection: Monitor events, analyze for signs of incidents Look for violations or imminent violations of security policies accepted use policies standard security practices Intrusion

More information

McAfee Network Security Platform A uniquely intelligent approach to network security

McAfee Network Security Platform A uniquely intelligent approach to network security McAfee Network Security Platform A uniquely intelligent approach to network security Key Advantages Unparalleled Advanced Threat prevention Signature-less, advanced malware analysis. Inline Browser and

More information

SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging

SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION:

More information

SOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013

SOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013 SOUTHERN POLYTECHNIC STATE UNIVERSITY Snort and Wireshark IT-6873 Lab Manual Exercises Lucas Varner and Trevor Lewis Fall 2013 This document contains instruction manuals for using the tools Wireshark and

More information

Lab 2.3.3 Configure Intrusion Prevention on the PIX Security Appliance

Lab 2.3.3 Configure Intrusion Prevention on the PIX Security Appliance Lab 2.3.3 Configure Intrusion Prevention on the PIX Security Appliance Objective Scenario Topology In this lab exercise, the students will complete the following tasks: Configure the use of Cisco Intrusion

More information

Firewall Testing Methodology W H I T E P A P E R

Firewall Testing Methodology W H I T E P A P E R Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness

More information

NEFSIS DEDICATED SERVER

NEFSIS DEDICATED SERVER NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis

More information

Creating a Content Group and assigning the Encrypt action to the Group.

Creating a Content Group and assigning the Encrypt action to the Group. Product Guide Revision A SaaS Email Encryption Enablement for Customers, Domains, and Users Email Encryption Customers who are provisioned for SaaS Email Encryption can easily configure their Content Policies

More information

Barracuda Intrusion Detection and Prevention System

Barracuda Intrusion Detection and Prevention System Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques

More information

Guideline on Firewall

Guideline on Firewall CMSGu2014-02 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Firewall National Computer Board Mauritius Version 1.0 June

More information