Download PowerPoint Presentation Here - NetEvents.tv

644 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
644
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
24
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Download PowerPoint Presentation Here - NetEvents.tv

  1. 1. Intrusion Prevention System (IPS) Tutorial
  2. 2. Intrusion Prevention Systems Addressing ever changing and growing threat landscape <ul><li>Blocking attacks in real time including </li></ul><ul><ul><li>Worms, viruses, spyware, trojans, adware, phishing </li></ul></ul><ul><ul><li>DDoS, O/S & network device attacks </li></ul></ul><ul><ul><li>Application & Web application vulnerability attacks </li></ul></ul><ul><ul><li>VoIP & SCADA attacks </li></ul></ul><ul><ul><li>Limiting or blocking common apps like P2P & IM </li></ul></ul><ul><li>To go in-line the IPS must deliver </li></ul><ul><ul><li>High Availability – Can’t take the network down </li></ul></ul><ul><ul><li>High Performance with Low Latency – Can’t slow down application traffic </li></ul></ul><ul><ul><li>Filter Accuracy – Cannot block legitimate traffic </li></ul></ul><ul><ul><li>Ease of Use </li></ul></ul>In-Line, Automated Attack Blocking Dirty Traffic Goes In Clean Traffic Comes Out Automatic Protection
  3. 3. In-Line Reliability Ensuring network uptime is not compromised <ul><li>Dual Hot-Swappable Power Supplies </li></ul><ul><li>Hitless TOS Upgrades (no downtime) </li></ul><ul><li>Self-Monitoring Watchdog Timers </li></ul><ul><ul><li>Security and Management Engines </li></ul></ul><ul><ul><li>Layer 2 switch fallback (can be manually forced) </li></ul></ul><ul><li>Auto Filter Control (AFC) </li></ul><ul><ul><li>Each filter monitored for performance </li></ul></ul><ul><li>Performance Protection (PP) </li></ul><ul><ul><li>Protects itself when performance levels exceeded </li></ul></ul><ul><li>Link Down Synchronization (LDS) </li></ul><ul><ul><li>Links mirrored, brought down together, prevents Black Hole routing </li></ul></ul><ul><li>Multiple Redundancy Options </li></ul><ul><ul><li>Active-Active, or Active-Passive </li></ul></ul><ul><ul><li>No requirement to waste segments/ports </li></ul></ul><ul><li>No IP Address or MAC Address </li></ul><ul><li>Transparent to Router Protocols </li></ul><ul><ul><li>HSRP, VRRP, OSPF, EIGRP, BGP </li></ul></ul>Redundancy High Availability Preserve high availability and security
  4. 4. In-Line Performance Hardware, O/S and Filters designed for max performance Product Inspected Throughput Typical Inspected Latency 210E 200 Mbps < 1 millisecond 600E 600 Mbps < 84 microseconds 1200E 1.2 Gbps < 84 microseconds 2400E 2.0 Gbps < 84 microseconds 5000E 5.0 Gbps < 84 microseconds Core Controller + IPS Solution 10.0 Gbps < 30 microseconds High inspected throughput with low latency
  5. 5. Filter Accuracy Blocking all the bad and none of the good Vulnerability False Positives (coarse filter) Standard IPS Exploit Filter for Exploit A Exploit A Exploit B (missed by Exploit Filter A) TippingPoint Vulnerability Filter Vulnerability filters deliver unsurpassed accuracy
  6. 6. Staying Ahead of the Threats 2007 Microsoft vulnerability coverage 98% 81% 73% 45% 62% Coverage Speed of Coverage -68 days; 74/75 covered 74/75 covered Broad filter coverage and timely filter delivery
  7. 7. Ease of Use Making IPS easy for IT and security staffs <ul><li>Easy Installation </li></ul><ul><ul><li>Installs in minutes </li></ul></ul><ul><ul><li>Out-of-the-box network protection </li></ul></ul><ul><ul><li>Shipped with recommended filter settings </li></ul></ul><ul><ul><li>No “learning” or false positive tuning </li></ul></ul><ul><li>Easy on-going Management </li></ul><ul><ul><li>Automatic threat blocking / network protection </li></ul></ul><ul><ul><li>Automatic filter updates </li></ul></ul><ul><ul><li>No manual security event follow-up </li></ul></ul><ul><ul><li>No manual updates required </li></ul></ul><ul><ul><li>Set and forget policy enforcement </li></ul></ul><ul><li>Automated Reports </li></ul><ul><ul><li>Concise, actionable management dashboard </li></ul></ul><ul><ul><li>Automated reports for compliance audits </li></ul></ul>Central Management Dashboard Multiple Consoles Per SMS Simple to Use Management Appliance Manage Multiple Units IPS IPS Core Controller Easy IPS Installation and Management
  8. 8. IPS Throughout the Network 10Mbps – 1Gbps 1Gbps – 10Gbps nx1Gbps – nx10Gbps Shared Tape Windows & Linux Blades DMZ Access Switch Access Switch VPN Concentrator Office LAN Wireless Campus Remote Office Shared Storage Web Servers Data Center Core Aggregation Access Distribution Switch Distribution Switch Protect Remote Offices Protect Core Network Protect Web Apps & Servers Protect Apps, Servers & Data Protect WAN Perimeter Core Controller / IPS Protect Major Zones Core Controller /IPS Core Controller / IPS Core Controller / IPS VPN Internet IPS IPS
  9. 9. IPS Summary <ul><li>Provides automated, in-line security throughout the modern network </li></ul><ul><li>Key criteria for in-line IPS solutions </li></ul><ul><ul><li>In-line Reliability - High Availability </li></ul></ul><ul><ul><li>In-line Performance - Throughput with Low Latency </li></ul></ul><ul><ul><li>Extreme Filter Accuracy </li></ul></ul><ul><ul><li>Broad Filter Coverage </li></ul></ul><ul><ul><li>Timely Filter Delivery </li></ul></ul><ul><ul><li>Easy to Use </li></ul></ul>Dirty Traffic Goes In Clean Traffic Comes Out
  10. 10. Thank You www.tippingpoint.com +1 888 TRUE IPS (+1 888 878 3477)

×