funkwerk packetalarm NG IDS/IPS Systems




funkwerk packetalarm NG IDS/IPS Systems First Class Security. Intrusion Detection and Intrusion Prevention

Funkwerk IP-Appliances

Corporate and Authorities Networks: A Popular Target of Attacks

Nowadays, almost all industrial and business processes are supported by electronic data processing systems. This places the highest demands on the availability of the IT infrastructure, whether the application concerned is email communications or an ERP system. Trouble-free operation is an important factor for success. The continuously growing number of attacks on corporate networks by worms, viruses, trojan horses, DoS attacks, spam email and other potential hacker attacks threatens business success in an increasingly concrete manner. Successful attacks now cause damage worth millions of euros, decrease productivity, expose company secrets, and ultimately endanger the very substance of enterprises and authorities. Ever more sophisticated and intelligent malware also threatens your network.

In the past few years, attacks on corporate and authority networks have become more numerous, more varied and more complex. The times in which a firewall and a virus scanner could be considered a sufficient security solution are over for good. It becomes more important every day to protect yourself against these dangers and to prevent damage due to theft or destruction of corporate and authority data.

The IP security systems of Funkwerk IP-Appliances GmbH offer flexible premium solutions for the security of entire networks, clearly help minimize the risks mentioned, and effectively improve security in companies. Not least because of their low purchasing and operating costs, they also guarantee a quick RoI (Return on Investment).

First Class Security packetalarm IPS NG / IDS NG

Intrusion Detection and Prevention: Reliable Technologies for the Protection of Your Data

Both product lines, packetalarm IDS NG and packetalarm IPS NG, share much of their basic functionality because they were developed together. Many of the features described below can be found in both product lines.

packetalarm IDS NG: Intrusion Detection Systems
Intrusion Detection System in sniffing mode: inspection of the entire network data traffic without any loss of performance or reduction of availability.

packetalarm IPS NG: Intrusion Prevention Systems
Intrusion Prevention System in inline mode: highest security with integrated firewall and blocking function.

Sensitive infrastructures with high security needs require an attack detection solution that does not impair availability or performance. This is why the packetalarm systems are your number one choice. Invisible in sniffing mode, the packetalarm IDS NG listens to the network and scans all data going by. The packetalarm IDS NG system also detects attacks in internal network segments and is expert in high-performance attack detection.

The packetalarm IPS NG product line has been specially developed for monitoring internal network gateways and can be installed in bridging mode on layer 2. Integration on layer 2 means the product can be installed easily and transparently in front of internal systems without any need for laborious or cost-intensive conversion work. If attacks and threats to protected systems are detected, they can be automatically blocked and filtered out of the data stream.

packetalarm IDS NG: High Performance Intrusion Detection Systems

Network-based Intrusion Detection is an indispensable instrument in any enterprise-wide security solution: no other technology supports real-time monitoring and attack detection of communications in complete network segments. Intrusion Detection Systems can thus be implemented at, for example, core switches or, via TAP devices, at central locations in order to monitor all aspects of internal communication. According to recent studies, around 60-80% of all attacks come from the internal network; however, these cannot be detected by gateway security products. The packetalarm Intrusion Detection Systems detect even these attacks reliably. Since Intrusion Detection technology is also used passively in sniffing mode, the data stream remains unaltered, which guarantees maximum availability.

The packetalarm IDS NG product line has been specially developed for monitoring complete network segments. The packetalarm IDS's proven scan and detection technology and the Sensor/Manager architecture deliver maximum performance and scalability. The intelligent correlation between identified attacks and system attributes is used to calculate in real time which attacks are actually relevant and dangerous for the network. All attack data are output in clearly structured reports. The packetalarm IDS NG thus helps the administrator separate important from unimportant information and helps to create greater security while reducing administration costs.

Secure Monitoring and Management

By default, packetalarm IDS NG can sniff on multiple interfaces simultaneously and thereby monitor several network segments with one system. Sniffing interfaces do not have a dedicated IP address (stealth mode). This means that the Intrusion Detection System itself cannot be attacked. The management interface can simply be positioned in, for example, a segment protected by a firewall. In addition, access can be limited to specific IP addresses via a management console. All communication between the browser and the manager is always encrypted.

Intrusion Prevention in Sniffing Mode

If the Intrusion Prevention engine is activated, packetalarm IDS NG can respond to attacks and prevent them by means of a TCP reset or firewall hardening.

packetalarm IPS NG: High Performance Intrusion Prevention Systems

Mere firewall systems without an integrated Intrusion Prevention System are inconceivable today: the attacks by worms, trojans, hackers and so on have become just too numerous and too clever. A security system based exclusively on IP and port addresses represents just a minor obstacle. But is a simple Intrusion Prevention add-on to a firewall sufficient to avert the many threats systems face nowadays?

packetalarm IPS NG employs quite a different strategy in dealing with this problem: it focuses not on simply reducing the communication options, but on a detailed examination of each individual packet and the possibilities that this offers for identifying specific attacks. At the heart of the packetalarm IPS NG system is the Intrusion Prevention engine, supported by a Layer 2/Layer 3 firewall. After all, whether it's a matter of Event Correlation, Anomaly Detection or Auto-Prevention, cutting-edge security technology is crucial and constantly enhanced.

The packetalarm IPS NG Intrusion Prevention System operates inline in bridging mode on layer 2. Although packetalarm IPS is invisible during communication, the firewall and prevention engine remain active. packetalarm IPS NG can also be deployed in front of WLAN hotspots, server farms or individual servers; the network configuration does not need to be changed in any way. DHCP, BootP, NT domain logins and other broadcast communications continue to function properly without intervention by an administrator.

Layer 2/Layer 3 Firewall

The packetalarm IPS NG Layer 2/Layer 3 Firewall is the first checkpoint for all data traffic. It monitors all data packets between the protected network and external networks in real time. Only the desired data traffic may pass unhindered. The rules of the firewall can be configured easily and without effort.

Intrusion Prevention

The packetalarm Intrusion Prevention engine uses several thousand rules and signatures to identify attacks. The system actively intervenes in the data stream and blocks attacks before they can infiltrate the network.

Auto-Prevention Function

A special Auto-Prevention function simplifies configuration and enables rules and rule groups so they can quickly adapt to changing security needs in the protected system. The Auto-Prevention function is an exclusive feature offered only by packetalarm NG, and the automatic rule update means protected systems are covered against attacks more quickly than with any other system.

All packetalarm NG products can be combined as you see fit in a distributed system. Administration, configuration and analysis are performed via a central manager.

packetalarm Next Generation: Analysis and Reporting Functions

packetalarm NG uses a special function known as Event Correlation to check whether each specific attack that is identified could possibly be carried out on the target system. This decision is taken based on the rule definition and the targeted system's attributes. Each correlation increases or decreases the probability that an attack will be successful. Attacks with a low probability rating can be filtered from the output in order to prevent false alarms. The administrator can of course also create his own system attributes, establish correlations between rules and attributes, and determine the extent to which each will increase or decrease the probability of a successful attack.

The systems can correlate events with other information in real time and support the import of external correlation data, such as from Nessus or Prelude. Prelude is supported directly via the internal transmission protocol. The events detected by packetalarm NG systems can be transferred to external evaluation systems.

Simple Creation of Individual Signatures

packetalarm NG provides users with a fast and straightforward tool for creating their own signatures using the management interface. Combinations of rules can also be defined using the rule editor, for example by source or destination address, port, packet type, packet size or content (e.g. keywords, text or hexadecimal) and by frequency of occurrence within a predefined time span. In this way, alarms can be raised on data traffic, or the traffic blocked, on an individual basis.

Anomaly Detection

Attacks and the effects of attacks often cause irregularities in the normal data traffic. A sudden increase in data volume or the shutdown of a service can be signs of an attack. packetalarm NG Anomaly Detection displays deviations from normal data volumes and notifies the administrator, if desired. The packetalarm NG system can learn what data volume is considered to be normal, and this can also be configured by administrators. Anomalies can be defined for networks, individual machines and even individual ports on machines. If a value deviates from a normal value by a specified percentage for a predefined time range, this incident is reported.
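The sustained-deviation rule described above, as an added example (not Funkwerk's code): a measurement is reported only once it has stayed outside the configured percentage band for the whole configured time range, for increases and drops alike. The class and function names, the scope keys and the sample measurements are constructed for illustration.

```python
"""Sustained-deviation volume anomaly detection (added illustration)."""
from statistics import mean


class VolumeAnomalyDetector:
    def __init__(self, deviation_pct, sustain_seconds):
        self.deviation_pct = deviation_pct      # allowed deviation from normal, in percent
        self.sustain_seconds = sustain_seconds  # how long the deviation must persist
        self.baseline = {}                      # scope -> normal volume per interval
        self._since = {}                        # scope -> timestamp the deviation began
        self._reported = set()                  # scopes whose open incident was reported

    def learn(self, scope, samples):
        """Learn the normal volume for a scope from traffic seen in quiet times."""
        self.baseline[scope] = mean(samples)

    def configure(self, scope, normal_volume):
        """Let an administrator set the normal volume by hand."""
        self.baseline[scope] = float(normal_volume)

    def observe(self, scope, timestamp, volume):
        """Feed one measurement; return an incident dict when one must be reported."""
        normal = self.baseline.get(scope)
        if not normal:                  # unknown scope or zero baseline: nothing to compare
            return None
        deviation = (volume - normal) / normal * 100.0
        if abs(deviation) < self.deviation_pct:
            # Back within tolerance: close any running deviation window.
            self._since.pop(scope, None)
            self._reported.discard(scope)
            return None
        start = self._since.setdefault(scope, timestamp)
        if timestamp - start < self.sustain_seconds or scope in self._reported:
            return None
        self._reported.add(scope)       # report each sustained deviation only once
        return {
            "scope": scope,
            "kind": "increase" if deviation > 0 else "drop",
            "deviation_pct": round(deviation, 1),
            "started": start,
            "reported": timestamp,
        }


def run_demo():
    """Replay constructed per-minute volumes (KB) for one port and one network."""
    det = VolumeAnomalyDetector(deviation_pct=50, sustain_seconds=120)
    web = ("port", "10.0.0.5", 80)             # anomaly scope: one port on one machine
    lan = ("network", "10.0.0.0/24")           # anomaly scope: a whole network
    det.learn(web, [1000, 1100, 900, 1000])    # learned baseline: 1000
    det.configure(lan, 50000)                  # administrator-configured baseline
    observations = [
        (web, 0, 1050), (web, 60, 1800), (web, 120, 1900), (web, 180, 2000),
        (web, 240, 2100), (web, 300, 1000),    # sustained increase, then recovery
        (web, 360, 0), (web, 420, 0), (web, 480, 0),   # service stops answering
        (lan, 0, 90000), (lan, 60, 52000),     # one-minute burst: too short to report
    ]
    incidents = []
    for scope, ts, volume in observations:
        incident = det.observe(scope, ts, volume)
        if incident:
            incidents.append(incident)
    return incidents


if __name__ == "__main__":
    for inc in run_demo():
        print(inc)
```

The one-minute burst on the network scope is deliberately not reported: the time-range condition is what keeps short spikes from turning into alarms.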

Optimum Monitoring, Forensic Analysis and Auto-Reporting

packetalarm NG supports a detailed forensic analysis of attacks in the network. A user-friendly query and display option lists, in various categories, the incidents that occurred in a freely definable period. The threat posed by the events is shown (High, Medium, Low, Info). By default, all attacks are displayed together with the entire IP packet. packetalarm NG can also display attacks sorted by attack target and attacker. All data required for the analysis can easily be exported.

A special Auto-Reporting function automatically reports the most important attacks and rule violations in a clearly structured email report. Whether reports are sent daily, weekly or monthly can be freely configured. Output of diagrams and tables can also be combined to suit individual needs. This ensures that management, IT managers and administrators have the means to display precisely the data that is most important to them.

Automatic Software Update

The automatic software and pattern update ensures users always have the very latest version of the packetalarm NG systems.

SNMP Interface

The packetalarm NG system includes an SNMP interface that can be used to retrieve data from all systems in order to obtain information about, for example, CPU utilisation and hard disk capacity.

[Figure: Rule overview and definition]

packetalarm NG Graphical User Interface

The New Graphical User Interface of the Next Generation Systems: Intuitive, User-Friendly and Flexible Administration

For the packetalarm NG systems, a new Graphical User Interface (GUI) with intuitive operator guidance and quick, easy handling has been developed, in particular for operation within large networks with a large number of IDS or IPS Sensors and Managers. The new dashboard can be designed individually so that important information is always available at a glance. The team focus of the user concept helps in the administration of large networks. It includes not only a granular role concept but also a read-only mode, which helps avoid conflicts caused by double administration. Rights can be defined at action level, even for individual user groups.

Auto-Supervision for Optimal Application Security

All appliances of the packetalarm Next Generation come with automatic hardware monitoring functions that keep you up to date about the condition and availability of your IDS/IPS installation.

Administration and Management in Complex Networks

Central Management with Sensor/Manager Operation

Distributed enterprise networks, countrywide authorities or government networks are the most common targets of cyber attacks. Such networks demand an operation mode with many sensors for attack detection and prevention. The packetalarm NG systems can therefore operate without problems in a distributed system with a large number of sensors. All sensors distributed over the whole infrastructure can be configured, administered and monitored with a central manager. The sensors can communicate with the central manager not only locally, but also from branch offices via the Internet or VPN. Communication between packetalarm systems is always encrypted with TLS. For communication with external systems, encrypted protocols such as HTTPS, SMTP via TLS, SNMPv3 and SCP are available.

Administration of Sensors: New Features with packetalarm NG

All settings for scanning network packets and for detecting attacks are made at the new packetalarm NG Manager via a web-based user interface. Besides the comprehensive configuration and Auto-Reporting function, the administrator is provided with an easy-to-handle, automatic and user-friendly update procedure. The integrated update mechanism allows, among other things, automatic installation of multiple updates, or an update of a single sensor system in a multi-sensor environment.

Distribution of software updates is also easy with the packetalarm NG Manager. Once a version has been selected, the software available on the manager can be distributed to and installed on specific sensors. Parallel execution of updates reduces maintenance time. For the administration of many sensors, similar signatures and rules can be merged into templates. These templates of IDS/IPS rules can then be distributed to the specific sensors.

[Figure: Funkwerk IP-Appliances: Network security for nets of all kinds and sizes.]
*) HA-Managers can be placed at any location, even if they are geographically distant (e.g. an external data centre)

packetalarm NG Appliances

packetalarm NG: Optimized for Performance

As a result of many years of experience, even in very large environments, the new generation of the packetalarm IDS/IPS systems has been optimized for scalability and for the requirements of each system's particular role. The packetalarm NG Sensors and Sensor/Managers have been developed for fast processing of high data volumes. The packetalarm NG Managers have been specially designed for the storage of a high number of events and for fast processing of the data accrued. All the appliances include integrated fault tracking of the hardware components. The appliances of the model series 500 NG and higher are equipped with RAID, as well as with redundant fans and hard disks.

packetalarm IDS NGx High Speed Sensors

The packetalarm IDS 1000 NGx Sensors have been specially designed for operation in networks with extremely high data volumes. This has been accomplished by the packetalarm NG Stream Distribution Technology. Data analysis is accelerated further by the parallel use of multiple IDS cores.

High Availability

All Sensors, Sensor/Managers and Managers of the packetalarm Next Generation come with HA support. The High Availability feature monitors a parallel, redundant system and takes over all functions from the master in case of failure. This failover happens instantly, automatically and without interruption. This kind of redundant setup is also possible when the two systems are at distant locations, for example in a remote backup data centre.

Model Overview

packetalarm NG model overview
Table columns: Model; Suggested bandwidth and integr. Manager; RAID, hardware redundancy; Sensor; Sensor/Manager; IDS; IPS

200 NG: Up to 200 MBit/s*; storage up to 55 million events**
500 NG: Up to 500 MBit/s*; storage up to 55 million events**; redundant fans and HDD
1000 NGx: Up to 2.000 MBit/s*; storage up to 55 million events**; redundant fans and HDD. Consistent design for processing of extremely high data quantities by the parallel usage of multiple IDS cores.

Manager
Manager NG: Storage up to 55 million events**; redundant fans and HDD
Ultra Manager NG: Storage up to 195 million events**; redundant fans and HDD, hot spare HDD
Consistent design for the storage of high data quantities and management of large networks.

*) The performance can vary depending on the configuration
**) The actual number of stored events can vary depending on the configuration

Performance features
Table columns: packetalarm IDS NG; packetalarm IPS NG

Integration
Layer 2 (Bridging Mode)
Passive (Sniffing Mode)

Dynamic Intrusion Detection and Intrusion Prevention
IDS/IPS signatures: > 6000 (IDS NG), > 6000 (IPS NG)
Individual signatures
Correlation
Auto Prevention
Forensic analysis
Anomaly detection
Traffic Trace
Port Scans
DoS
Buffer Overflow
Packet fragmentation attack
UDP attack
Application anomaly attack
Application protocol analysis
RFC compliance check

System Management
Sensor Management
Number of sensors: unlimited (IDS NG), unlimited (IPS NG)
Monitoring via SNMP
Hardware diagnosis via SNMP (v1, v2, v3)
High Availability

Logging
Internal hard disc
Log to remote Syslog server
Log to SNMP server
Attack reporting via email

Administration
Auto-reporting
Automatic Real-Time Update
Console interface
Web GUI (HTTPS)

Firewall modes and features
Layer 2/Layer 3 Firewall
NAT, PAT
Threshold analysis
Stateful Pattern Matching

CONCLUSION

The funkwerk packetalarm IDS/IPS product family constitutes a sophisticated high-performance security solution for networks of all sizes, which is also scalable and economical. Through its flexibility and easy installation and administration, the demanding requirements of a scalable IP security solution are met. The deployment of multiple systems allows the easy and commercial development of a comprehensive security concept. The unique packetalarm NG management technology allows easy and centralized administration even for large, distributed infrastructures. Security of investment and a technological lead in attack detection and prevention: with packetalarm IDS/IPS NG you are always on the secure side.

Funkwerk: The Perfect Fit.
VOICE, DATA, SECURITY.

Copyright for all content 2011 by Funkwerk IP-Appliances / Funkwerk Enterprise Communications. All rights reserved. Pictures: Funkwerk IP-Appliances, Funkwerk Enterprise Communications, istockphoto, fotolia, Kilovolt. Nessus is a registered trademark of Tenable Network Security. Technical specifications are subject to change.

Funkwerk IP-Appliances GmbH
Moenchhaldenstrasse 28
D-70191 Stuttgart
Phone: +49-711 - 900 300-0
Fax: +49-711 - 900 300-90
Email: info@funkwerk-ip-appliances.com
www.funkwerk-ip-appliances.com
04/2011