CaptIO Policy-Based Security Device



Similar documents
Introduction of Intrusion Detection Systems

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

The Alteon isd SSL Accelerator, V2.0

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

How To Block A Ddos Attack On A Network With A Firewall

Gigabit Content Security Router

TP-LINK L2 Managed Switch

Firewall Firewall August, 2003

Introducing FortiDDoS. Mar, 2013

TP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL

Securing Networks with PIX and ASA

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Load Balance Router R258V

TP-LINK. 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch. Overview. Datasheet TL-SL5428E.

FASTIRON II SWITCHES Foundry Networks award winning FastIron II family of switches provides high-density

Firewall Defaults and Some Basic Rules

Network Security Firewall

CS5008: Internet Computing

TP-LINK. Gigabit L2 Managed Switch. Overview. Datasheet TL-SG3216 / TL-SG

10 Configuring Packet Filtering and Routing Rules

RuggedCom Solutions for

Gigabit SSL VPN Security Router

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

TP-LINK. 24-Port Gigabit L2 Managed Switch with 4 SFP Slots. Overview. Datasheet TL-SG

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

ForeScout CounterACT Edge

EdgeMarc 4508T4/4508T4W Converged Networking Router

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

Cisco SR 520-T1 Secure Router

IntraCore Series 16-port Gigabit Managed Switches Layer 2

Gigabit Multi-Homing VPN Security Router

Chapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall

DEPLOYMENT GUIDE. This document gives a brief overview of deployment preparation, installation and configuration of a Vectra X-series platform.

QuickSpecs. Models. Features and benefits Configuration. HP VCX x3250m2 IP Telecommuting Module. HP VCX x3250m2 IP Telecommuting Module Overview

JetNet 5428Gv2. Features. Industrial 24FE+4G Gigabit Managed Ethernet Switch INDUSTRIAL ETHERNET RACKMOUNT SWITCH

Firewalls. Chapter 3

Gigabit Multi-Homing VPN Security Router

G-TAP A Series // Data Sheet

A Layperson s Guide To DoS Attacks

Deploying ACLs to Manage Network Security

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

TP-LINK. 24-Port Gigabit L2 Managed PoE Switch with 4 Combo SFP Slots. Overview. Datasheet TL-SG3424P.

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

How To Use A Network Instrument Ntap

1Industrial Ethernet Switch

Firewalls and Intrusion Detection

Security Technology White Paper

APV9650. Application Delivery Controller

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack

Chapter 15. Firewalls, IDS and IPS

Denial of Service Attacks, What They are and How to Combat Them

DDoS Protection Technology White Paper

CSCI 4250/6250 Fall 2015 Computer and Networks Security

TP-LINK 24-Port Gigabit L2 Managed Switch with 4 SFP Slots

DDoS Overview and Incident Response Guide. July 2014

Cisco Intrusion Prevention System Advanced Integration Module for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

Cisco Small Business Managed Switches

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

IES-3080/3062 Series. Industrial 8-port managed Ethernet switch. Features. Introduction

Panorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

NetDefend UTM Firewall Series

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

The Critical Importance of Three Dimensional Protection (3DP) in an Intrusion Prevention System

HP Networking Mobility Security IDS/IPS Series

ProCurve Switch 1700 Series

Complete Protection against Evolving DDoS Threats

Blacklist Example Configuration for StoneGate

CENTRAL MONITORING AND MANAGEMENT. CMX SERIES DATASHEET CENTRALIZED MANAGEMENT

>THIS IS THE WAY >THIS IS

PROFESSIONAL SECURITY SYSTEMS

SECURITY ADVISORY FROM PATTON ELECTRONICS

Technical Note. ForeScout CounterACT: Virtual Firewall

TP-LINK. L2 Managed Switch. Overview. Datasheet TL-SL3428/TL-SL

48 GE PoE-Plus + 2 GE SFP L2 Managed Switch, 375W

Link Controller ENSURES RELIABLE NETWORK CONNECTIVITY

8. Firewall Design & Implementation

Firewall. User Manual

Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router

Firewalls, IDS and IPS

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ

1. Firewall Configuration

FIREWALLS & CBAC. philip.heimer@hh.se

co Characterizing and Tracing Packet Floods Using Cisco R

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK

General Network Security

ProCurve Switch 8000m (J4110A) and Switch 8000m

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

Automated Mitigation of the Largest and Smartest DDoS Attacks

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

QuickSpecs. Models HP S Mbps IPS

Data Sheet. DPtech Anti-DDoS Series. Overview

INDIAN INSTITUTE OF TECHNOLOGY BOMBAY MATERIALS MANAGEMENT DIVISION : (+91 22) (DR)

PN5212/PN5320/PN7212/PN7320

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

IBM. Vulnerability scanning and best practices

NLoad Balancing Stackable Switch

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Transcription:

The Leader in Denial of Service Prevention CaptIO Policy-Based Security Device The CaptIO Policy-Based Security Device automatically detects, identifies, validates, and stops Denial of Service attacks in seconds. Automatic, Immediate DoS Mitigation Ingress & Egress Traffic Protection Prevention of Firewall Overload and IDS False Positives Ensurance of Server Availability Detection and Identification of Network Traffic Anomalies Denial of Service Prevention In today's e-business economy, network security is a mission-critical function. A secure, highly-available network is critical to protecting e-commerce brands. Recent malicious Denial of Service (DoS) attacks on some of the Internet's largest Web sites underscore the need for comprehensive security solutions. Presently, network administrators attempt to decrease the impact of DoS attacks with a patchwork of equipment. They may install firewalls, IDS systems, and configure their IP routers to drop packets of a given type or particular source and destination address. Unfortunately, these solutions are not well integrated, reduce network performance, and fail to stop DoS attacks prior to network impact. The CaptIO Network Security Device The CaptIO uses anomaly-based network security policies to detect, identify, and stop Denial of Service attacks within seconds of detection. Patent-pending technologies provide the capability to distinguish between legitimate spikes in network traffic and malicious DoS attacks. This allows you to surgically shut down an attack without disrupting legitimate traffic to your business. CaptIO Architecture The CaptIO system architecture is comprised of major security components that provide ingress and egress traffic management, comprehensive traffic profiling, and policy-based intrusion detection and response. The key is to stop a DoS or distributed DoS (DDoS) attack before it slows down or shuts down your network. Reactive solutions let your network control you. Preventive solutions allow you to be in control of your network.

Redefining the DMZ Ingress and Egress Traffic Because there is no "trusted" side of the network with the CaptIO, unique policies can be applied to both ingress and egress traffic. This means that all traffic passing through the device, whether inbound "ingress" or outbound "egress", is tracked for security policy violations. Each interface of a CaptIO can be configured as a discrete network having its own policies. Ingress and egress traffic management on the CaptIO includes source filtering and reciprocal firewall technology. Source filtering helps insure that private IP addresses are not allowed to propagate across the public Internet. Reciprocal firewall technology enforces security policies regardless of traffic direction. The CaptIO only passes traffic that has been explicitly defined by the user and immediately denies any other network traffic. This network model eliminates the secondary DoS threat of worm/viruses, such as in Code Red and Nimda. Patent-Pending Technologies The core security component of the CaptIO device is the policy-based intrusion detection and response system. Two patent-pending technologies specifically address the ability of the device to automatically detect, identify, and validate DoS attacks. TRaP Technology Traffic Restriction and Profiling (TRaP) Technology allows the CaptIO to track and profile all traffic flows through the device. Network traffic is tracked by any combination of source and destination IP addresses, source and destination ports, and protocol. Flows can be tracked separately or as an aggregate of matching traffic. TLIDS Technology The CaptIO device also utilizes an innovative Traffic Limiting Intrusion Detection System (TLIDS), which monitors network traffic to identify and validate a DoS attack. TLIDS policies are determined by the network administrator and are specific to the network being protected. The CaptIO system architecture is comprised of major security components that provide ingress and egress traffic management, comprehensive traffic profiling, and policy-based intrusion detection and response.

DoS Prevention Technology Inside TLIDS Technology TLIDS policies characterize normal network traffic patterns and the CaptIO monitors for anomalies in traffic. When network traffic violates a TLIDS policy, the CaptIO device dynamically takes action to notify, throttle, redirect, or deny traffic between the two specific offending hosts. This capability allows the CaptIO to surgically stop the attack while allowing legitimate traffic to continue through. If an attack is detected, the policies determine what action is automatically taken by the CaptIO to mitigate any damages from the attack. When an attack subsides, the filters invoked by the TLIDS policies are automatically removed and network traffic continues to be monitored for anomalies. Policy-based Security Policies can be set against all IP protocol types and are independently configured for each CaptIO interface. Policy thresholds can be based on the total data flow, packet flow, average packet size, TCP SYN traffic, and service scans. Packet and data buckets allow for protocols that are naturally bursty, such as HTTP, to occasionally reach high traffic rates without triggering a policy action. In addition to stopping DDoS attacks, the CaptIO can also stop port scans. A potential attacker uses a port scan to see what services on a host or hosts on a network are available. This attacker can then use this information to launch a DDoS or other attack. The sample policy shown above is set to track HTTP traffic, inspecting for anomalies such as that generated by a malicious flood of traffic to a Web server. In this example, the CaptIO will monitor all HTTP traffic passing through the device.

Layered Security Today s Layered Approach to Securing E-business Yesterday's security framework, otherwise known as the DMZ, consisted of a firewall and an IDS system. Today's security framework includes a Denial of Service component. The firewall, in its purest form, is a secure gateway that connects a company's network with the Internet. It protects the company's network from unauthorized access. Firewalls manage traffic flow and can block data that does not meet the standards of the company's security policy. An IDS is primarily an advisory system. IDS systems endeavor to identify and record attempts to compromise the security of a network. IDS's, whether host- or network-based, use databases of "attack scenarios, drawing from previous experience, to indicate incoming intrusion attempts. Companies are facing new challenges to protect infrastructure and information assets. Today s comprehensive e-security suite includes an intrusion detection system, a firewall, and a Denial of Service prevention component. Because companies are facing new challenges to protect infrastructure and information assets from cyber attacks, a new component has been added to the security suite, the Captus Networks DoS security device. The CaptIO device is able to distinguish good from bad traffic, and provides ingress/egress filtering. By offloading packet filtering and DoS mitigation to a CaptIO, firewall, router, and IDS resources can be more effectively utilized, enhancing overall network performance. This suite of security technologies allows you to implement state-of-the-art prevention, detection, response, and forensic procedures to mitigate ongoing risk in a digital economy. Some named attacks that can be stopped by the CaptIO device are listed above. The CaptIO detects traffic anomalies, takes action based on policies, and stops any network attack, whether it is well-known or has just been introduced.

and Support Captus Networks provides multi-level FCAPS management solutions for the device, element, and network level. Network / Manager of Managers - Support for V1/V2 SNMP - SNMP Gets and Traps on CaptIO Element - CaptCC Centralized for up to 25 CaptIO Devices - New Windows-based Report Viewer Device - CaptIO Web Interface allows secure, remote access using HTTPS - CLI access via SSH Comprehensive There are three levels of management solutions for the CaptIO. First, any SNMP-based "Manager of Managers" platform, like HP OpenView, can be used to remotely monitor CaptIO devices through the use of SNMP gets and traps. Second, the CaptCC Global Administrator serves as an Element System for CaptIO devices. Finally, the CaptIO includes both a secure Command Line Interface (CLI) with terminal access using SSH, and a Web Interface (WMI) that can be launched via any standard Web browser for configuration and management. In addition, the CaptIO has the added feature of supporting Network Time Protocol (NTP) as server/client for the network. Exceptional Support Captus provides technical and product support to its customers through a 24x7 call center service. Captus Networks includes call-center support, field replacement, and minor software updates as part of the first 90 days warranty. Additional services including priority access, extended support, and database privileges can be added/extended on a yearly basis as part of the Premium Support offering. HP OpenView is a registered trademark of Hewlett-Packard Company. All other products mentioned are registered trademarks or trademarks of their respective companies.

Corporate Headquarters Captus Networks 1680 Tide Court, Suite B Woodland, CA 95776 Toll Free: 877-9CAPTUS (877-922-7887) Phone: (530) 406-3500 Fax: (530) 406-3406 e-mail: info@captusnetworks.com web: CaptIO Specifications rev. 03/02 - Specifications subject to change without notice. 2002 Captus Networks Corp. Detected Attack Types Floods TCP (SYN, ACK), ICMP, UDP, IGMP multicast Other ICMP oversized packet (Ping of Death), Invalid IP packet types, Invalid IP fragmentation, port scanning Policy Enforcement Actions Alert, Throttle, Reroute, Deny non-conforming traffic Notification Types SNMP (V1, V2) gets & traps, local syslog, remote syslog Interface Encrypted SSH (V2) CLI, SSL Web Browser, NTP client/server Connectivity Ethernet Interfaces 10Base-T/100Base-TX: Half/Full Duplex Autosense, RJ45 connectors 1000Base-SX: Multi-mode Fiber (62.5-50µm), SC duplex connector One 10Base-T/100Base-TX Autosense, RJ45 connector One RS-232 Serial, DB9 connector Local Console: SVGA (DB15) & Keyboard (PS/2-style) Power & Environmental Requirements Input 100-240V AC, 50/60 Hz, 2A Temperature 40-105 F (5-40 C) Relative Humidity 5-90% non-condensing Altitude 0-9843 ft. (3000 m) Dimensions and Weight Height 1.75 in. (1RU) Width 17.00 in. Depth 22.00 in. Weight 19 lbs. Certifications Safety CSA, UL, CE EMI CFR 47 Part 15, Subpart B, Class A (FCC) Ordering Options Model Fast Ethernet (10/100BASE-TX) Number of Interfaces Gigabit Ethernet (1000BASE-SX) (10/100BASE-TX) CaptIO (0x4) 4-1 CaptIO-G (1x4) 4 1 1 CaptIO-G2 (2x4) 4 2 1 Ordering Information The CaptIO, CaptIO-G, and CaptIO-G2 support various configurations of Gigabit Ethernet and Fast Ethernet interfaces, depending on network connectivity requirements. Each network interface can be individually configured with unique security policies. All CaptIO devices are one rack-unit high (1.75 inches) and mount in a standard 19" equipment rack. A CaptIO device can be configured as a hot standby to an active device in high availability (HA) network environments. Using unique fault-management software and redundant device synchronization, the CaptIO HA solution delivers seamless fail-over for mission-critical network security.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information