NCIRC Security Tools NIAPC Submission Summary Juniper IDP 200

Transcription

1 NCIRC Security Tools NIAPC Submission Summary Juniper IDP 200 Document Reference: Security Tools Internal NIAPC Submission NIAPC Category: Intrusion Detection & Prevention Date Approved for Submission: Evaluation/Submission Agency: NCIRC Issue Number: Draft 0.01 NATO UNCLASSIFIED RELEASABLE TO THE INTERNET

2 TABLE of CONTENTS 1 Product Category Role Overview Certification Company Country of Origin Web Link Product Description Technical Requirements Limitations Evaluation/Review Conclusions/Comments...5 NATO UNCLASSIFIED RELEASABLE TO THE INTERNET Page 2 of 5

3 1 Product Juniper IDP Category Intrusion Detection & Prevention. 3 Role Network intrusion detection. 4 Overview The Juniper Networks Intrusion Detection and Prevention products (Juniper Networks IDP) provide comprehensive and easy to use protection against current and emerging threats at both the application and network layer. 5 Certification Juniper Networks IDP 4.0 & NSM has been tested and certified by the NIAP (National Information Assurance Partnership) to NIAP EAL2 (Evaluation Assurance Level 2). The Juniper IDP 200 was part of the hardware target of evaluation. 6 Company Juniper Networks. Figure 1: Juniper Networks Logo 7 Country of Origin USA. 8 Web Link 9 Product Description NATO UNCLASSIFIED RELEASABLE TO THE INTERNET Page 3 of 5

4 Figure 2: The Juniper IDP 200. The Juniper Networks Intrusion Detection and Prevention products (Juniper Networks IDP) provide comprehensive and easy to use inline protection to stop network and application-level attacks before they inflict any damage, minimizing the time and costs associated with intrusions. Using industry recognized stateful detection and prevention techniques, Juniper Networks IDP provides day-zero protection against worms, Trojans, spyware, keyloggers, and other malware from penetrating the network and spreading from already infected users to others. Juniper Networks IDP also provides information on rogue servers as well as types and versions of applications and operating systems that may have unknowingly been added to the network. Armed with the knowledge that unauthorized applications such as peer-to-peer or instant messaging have been added to the network, administrators can easily enforce compliance to security corporate application use policies. Not only can administrators control the access of specific applications, but with the support for Diffserv markings, they can now ensure business critical applications receive a predictable quality of service. Juniper Networks IDP products are managed by NetScreen Securirty Manager (NSM), a centralized, rule-based management solution offering granular control over all Juniper FW, VPN and IDP products with easy access to extensive logging and fully customizable reporting, all from a single user interface. With the combination of highest security coverage, granular network control and visibility, and centralized management, Juniper Networks IDP is the best solution to keep critical information assets safe. Key features: Multi-method detection system that includes compound signatures, stateful signatures, protocol anomaly and backdoor detection Extensive signature customization to improve the ability to detect unique attacks and tailor the signature specific to the customer's requirements Simplified deployment and maintenance of IDP appliance via Recommended Policy backed by Juniper Networks Security Team Rate limiting capability at the application level (via Diffserv marking) to ensure QoS for mission-critical applications Application Identification feature to accurately correlate the network traffic to a particular application even ones using multiple and/or dynamic ports Closed loop investigation process to quickly see the big picture and then drill down to the appropriate level of detail to make informed security decisions Enterprise Security Profiler (ESP) to gain insight into network and attack activity that accelerates inline deployment and facilitates attack investigation Security Explorer to view the network activities through a graphical, easy to understand and interactive user interface Policy Editor to create and deploy granular security policies based on what traffic to look at, what attacks to look for in that traffic and how to respond when an attack has been detected Log Viewer to investigate specific security incidents with the ability to customize the way information is processed within the system NATO UNCLASSIFIED RELEASABLE TO THE INTERNET Page 4 of 5

5 Common management solution as Juniper Networks FW/VPN and integrated FW/VPN/IDP appliances for centralized rule-based management across multiple security appliances Fully customizable reporting to generate up to the minute status on network activity Role-based administration to logically divide administrator accesses based on business practices IDP clustering to enable stateful, standalone high availability minimizing the risk of a single point of failure and maximizing network protection Maximum Throughput: 250 Mb. Maximum Number of Sessions: 70,000 Operational Modes: Passive sniffer, inline bridge, inline Proxy-ARP, and inline router Detection Mechanisms: 8 including Stateful Signatures and backdoor detection Signature Updates: Daily and emergency Number of Interfaces: 8 10/100/1000 traffic ports, 1 10/100/1000 mgmt port & 1 10/100/1000 HA port High-Availability Support: Integrated bypass for copper gigabit traffic ports, load sharing, clustering and 3rd party failover 10 Technical Requirements Appliance based connecting inline to exiting network infrastructure. GUI Client Platform Requirements The client application is a Java-based application that runs on Windows 2000, NT, XP, Red Hat Enterprise 3.0 or 4.0. JRE version is included. Recommended capacities (min): CPU 400 MHz Pentium II or equivalent RAM 1 GB Available Disk Space 100MB Connectivity to Server 384 kbps (DSL) or LAN. 11 Limitations Maximum Throughput: 250 Mb. Maximum Number of Sessions: 70,000 Approval must be sought for use of as this application as inappropriate and misconfigured software can cause severe network infrastructure degradation and data loss. 12 Evaluation/Review Conclusions/Comments An IDS\IDP solution from one of the market leaders in the field that integrates well with other third party applications needed for overall incident management. NATO UNCLASSIFIED RELEASABLE TO THE INTERNET Page 5 of 5