Huawei NIP2000/5000 Intrusion Prevention System


The Huawei NIP2000/5000 series is designed for large- and medium-sized enterprises, industries, and carriers, to defend against network threats and keep services running properly. With its carrier-class design, the NIP supports special protocols such as Multiprotocol Label Switching (MPLS) and Virtual Local Area Network (VLAN) tagging and can be deployed in a wide range of environments. With its default configuration the NIP automatically blocks many types of service threats, which greatly simplifies deployment and lowers the total cost of ownership (TCO).

Product Overview

Farsighted Overall Prevention

The NIP uses several detection technologies to defend against known and hidden threats:

- Intelligent protocol identification, which recognizes applications and protocols from their traffic, so that you do not have to configure protocol ports manually.
- Vulnerability- and attack-signature-based detection, which detects and blocks known attacks such as vulnerability exploits, worms, and Trojan horses.
- Protocol anomaly detection, traffic anomaly detection, and heuristic detection, which uncover hidden vulnerability exploitation and malware activity.

Virtual patches: Of the NIP's intrusion detection technologies, the most important is vulnerability-based detection, which blocks vulnerability-based threats such as overflow attacks and worm infections. Because a vulnerability signature describes the flaw itself (for example, an over-long field copied into a fixed buffer) rather than the bytes of one particular exploit, it produces far fewer false positives than traditional attack-signature-based detection and still catches variants that use evasion techniques to slip past exploit signatures.

Advantages

Overall defense against new threats
- Defends against new malware, zero-day attacks, and botnets.
- Defends against application-layer DDoS attacks, such as DNS, HTTP, and SIP floods.
- More than 300 security researchers worldwide collect threat intelligence and update signatures in real time.

Accurate detection and automatic prevention of service threats
- Uses vulnerability-based detection technology for accurate detection.
- Avoids threshold configuration mistakes through automatic baseline learning.
- Blocks key service threats automatically, with no manual intervention.

Easy to use, low TCO
- Can be deployed inline with the default configuration.
- Provides centralized security management and real-time security monitoring.
- Visualizes application traffic.

High availability
- Carrier-class hardware design with temperature monitoring and hot swap of components such as fans and power supplies.
- Supports active-active and active-standby HA deployments.
- Supports hardware bypass.

Function Overview

Huawei's security research team, with more than 300 researchers and global threat and attack collection, publishes up-to-date security reports and releases new vulnerability signatures periodically (weekly) or in emergency mode as soon as a critical vulnerability is disclosed. The signatures are delivered to NIP devices through the cloud security center, so that the devices can defend against attacks on a vulnerability from the moment it is released, with no time gap between disclosure and protection.

Client protection: In the Web 2.0 era, a growing share of attacks target browsers and widely distributed PDF, SWF, JPEG, and Office documents. Large numbers of PCs with weak client protection are taken over by attackers as zombies, and key information on them, such as bank account details and network passwords, is stolen.

The NIP parses traffic in depth according to protocol and file format. It decodes encoded or compressed content, such as GZIP-compressed and UTF-encoded data, before inspection, and during parsing skips content that is irrelevant to threats. This gives comprehensive browser and file vulnerability defense together with high inline detection performance.

Malware control: The NIP defends against malware such as Trojan horse backdoors, adware, and other malicious programs. It blocks the communication and transfer traffic of malware by matching signatures of that traffic, which stops the malware from spreading. This lowers IT cost and helps prevent intrusion into personal data and leaks of confidential data.

Web application protection: Enterprises and organizations are migrating applications to web platforms, where they are heavily exposed to intrusions and malicious behavior aimed at web servers, such as SQL injection leading to web page tampering, theft of administrator passwords, and destruction of website data.

Application sensing and control: The NIP identifies more than 1200 network applications and monitors and manages online behavior such as instant messaging (IM), gaming, video, and stock trading. It helps enterprises identify and limit unauthorized online behavior and enforce security policies that keep employees productive. A fine-grained bandwidth allocation policy limits the bandwidth consumed by unwanted or bandwidth-hungry applications, such as P2P, online video, and large file downloads, and reserves enough bandwidth for office applications such as Office Automation (OA) and Enterprise Resource Planning (ERP).

Infrastructure protection: The NIP has powerful anti-DDoS and traffic-model self-learning capabilities.
When DoS attacks are detected, or network traffic surges because of a large-scale virus outbreak, the NIP automatically detects and blocks the attack or abnormal traffic, protecting infrastructure such as routers, switches, VoIP systems, DNS, and web servers against DoS attacks and keeping key services running.

Easy to Deploy

The NIP ships with a mature default security policy and provides protection with no configuration. The default policy combines an advanced engine with high-quality vulnerability-based signatures for accurate threat detection; with it, the NIP automatically blocks medium- and high-severity threats that could compromise services. The NIP can be deployed off-line (IDS mode) or inline in transparent mode, and the interfaces on one device can work in either mode, so network and security administrators can choose working modes as required without redesigning the network. The NIP also inspects traffic encapsulated on special networks, such as MPLS, VLAN trunk, or Generic Routing Encapsulation (GRE) networks, and can be deployed flexibly in many places.

High Availability

An IPS deployed inline must be highly available. Huawei designs for the highest level of availability: the NIP supports HA configurations (active-standby and active-active), hot swap of redundant power supplies and fans, and e-disk solutions. It also provides software and hardware bypass, triggered when software or hardware becomes faulty: a failed functional module is bypassed while the rest of the device keeps working, and if the IPS device as a whole fails, the hardware bypass passes traffic straight through so that the link stays up.
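The two inspection behaviours described above, vulnerability-based detection under Farsighted Overall Prevention and decode-before-inspect under Client protection, shown together in an added Python example. This is illustrative code written for this page, not Huawei NIP code: the "HDR" file format, the 64-byte buffer of the hypothetical client, the exploit signature, and the sample HTTP responses are all constructed for the example. The point it makes is that a rule written against the flaw (declared length larger than the buffer) catches a variant that the exploit-byte signature misses, and that neither rule sees anything until the gzip-compressed body has been decoded.

```python
import gzip
import re

# Hypothetical file format consumed by a hypothetical client application:
#   magic "HDR" | 2-byte big-endian declared length | payload
# Assumed vulnerability: the client copies `payload` into a 64-byte stack
# buffer, trusting the declared length.  Both the format and the buffer size
# are constructed for this example.
MAGIC = b"HDR"
VULN_BUFFER_SIZE = 64

# Attack-signature rule: matches one specific exploit variant (a 16-byte NOP
# sled followed by a fixed marker).  Constructed for the example.
EXPLOIT_SIGNATURE = re.compile(rb"\x90{16}EXPL")


def parse_record(data):
    """Return (declared_length, payload), or None if data is not a HDR record."""
    if len(data) < 5 or not data.startswith(MAGIC):
        return None
    return int.from_bytes(data[3:5], "big"), data[5:]


def vulnerability_rule(data):
    """Vulnerability-based detection: flag any record whose declared length
    exceeds the buffer the vulnerable client copies it into, whatever the
    payload bytes look like."""
    rec = parse_record(data)
    return rec is not None and rec[0] > VULN_BUFFER_SIZE


def signature_rule(data):
    """Attack-signature detection: flag only the known exploit byte pattern."""
    return EXPLOIT_SIGNATURE.search(data) is not None


def decode_http_body(response):
    """Split a raw HTTP response and gunzip the body when Content-Encoding
    says gzip, so the rules inspect what the client will actually parse."""
    head, _, body = response.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if headers.get(b"content-encoding") == b"gzip":
        body = gzip.decompress(body)
    return body


def inspect(response, decode=True):
    """Run both rules over one response; return the names of rules that fired."""
    if decode:
        body = decode_http_body(response)
    else:                                          # naive engine: raw body only
        body = response.partition(b"\r\n\r\n")[2]
    fired = set()
    if signature_rule(body):
        fired.add("signature")
    if vulnerability_rule(body):
        fired.add("vulnerability")
    return fired


def http_response(body, gzipped):
    """Build a constructed HTTP/1.1 response carrying `body`."""
    enc = b""
    if gzipped:
        body = gzip.compress(body)
        enc = b"Content-Encoding: gzip\r\n"
    return (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            + enc + b"Content-Length: %d\r\n\r\n" % len(body) + body)


def make_record(payload):
    return MAGIC + len(payload).to_bytes(2, "big") + payload


# Constructed samples: a benign record, the exploit the signature was written
# for, and the same exploit with its NOP sled swapped for 0x41 bytes.
BENIGN = make_record(b"hello world")                                # 11 bytes
KNOWN_EXPLOIT = make_record(b"\x90" * 16 + b"EXPL" + b"A" * 100)    # 120 bytes
EVASIVE_EXPLOIT = make_record(b"\x41" * 16 + b"EXPL" + b"A" * 100)  # 120 bytes

if __name__ == "__main__":
    for name, rec in [("benign", BENIGN), ("known", KNOWN_EXPLOIT),
                      ("evasive", EVASIVE_EXPLOIT)]:
        print(name, "plain:", inspect(http_response(rec, False)),
              "| gzip, no decode:", inspect(http_response(rec, True), decode=False),
              "| gzip, decoded:", inspect(http_response(rec, True)))
```

Running the block prints, per sample, what fires with a plain body, with a gzip body the engine does not decode, and with a gzip body it does decode: the evasive variant is caught only by the vulnerability rule, and the compressed responses trigger nothing until they are decompressed.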

Centralized Management and Report

The NIP provides web management of a single device and, through the NIP Manager, centralized management of multiple devices, including monitoring, upgrade, and policy delivery. Multiple predefined policies are supplied as a starting point for policy customization. The NIP Manager has rich log statistics and reporting functions that display real-time network status, historical information, Top N detected attacks, and traffic trends at multiple granularities and dimensions. With these statistics, users can see the health of the network at any time, secure the network, and guide IT operations accordingly.

Application Scenarios

Deployment positions shown in the figure: WAN border, Internet access point, and in front of servers.

Internet Access Point
- Limits undesired P2P and video traffic and ensures bandwidth for business services.
- Blocks IM, online gaming, and stock trading applications to avoid network abuse.
- Blocks online storage, web mail, and IM applications to avoid disclosure of internal documents or confidential information.
- Protects internal hosts and browsers against threats to avoid data loss, data damage, or hosts being turned into zombies.

Off-line Monitor (IDS Mode)
- Meets policy compliance requirements, including government-mandated standards for classified protection of information systems and secret-involved networks.
- Helps maintain the network by providing key information on intrusions and on faults caused by other anomalies.
- Helps enterprises pass the standard certifications required for company listing or investment promotion.

In Front of a Server
- Prevents worms and exploits targeting service and platform vulnerabilities, avoiding damage, tampering, data loss, or servers being turned into zombies.
- Prevents server outages caused by DoS or DDoS attacks.
- Prevents emerging attacks on web applications, such as SQL injection, cross-site scripting, scanning, password guessing, and sniffing.
- Provides IDC value-added services.

WAN Border
- Implements logical network isolation.
- Prevents worms and Trojan horses from spreading in from external networks.
- Monitors violations on internal networks.
- Detects and prevents malicious behavior, such as sniffing and reconnaissance, from external networks.

Technical Requirements

Performance classes across the series: Megabit, mid-range Megabit, basic Gigabit, mid-range Gigabit, high-end Gigabit, and 10-Gigabit.

Extension and I/O

Model                            2050    2100    2130    2150    2200    5100    5200    5500
Dedicated management interface   1 x GE  1 x GE  1 x GE  1 x GE  1 x GE  1 x GE  1 x GE  1 x GE
Fixed interface                  -       -       -       -       -       -       -       2 x 10 GE (SFP)
Expansion slots (FIC)            2       2       2       3       3       3       3       2

Expansion network interface cards: 8 x GE on the 2050, 2100, 2130, 2150, and 2200; 8 x GE, 2 x XE, or 2 x XE + 8 x GE on the 5100 and 5200; 8 x GE or 2 x 10 GE on the 5500.

Features (all models)

Server protection: All-round protection for application servers; defends against system vulnerability attacks, service vulnerability attacks, brute force, SQL injection, cross-site scripting, and viruses.

Client protection: Protects browsers and plug-ins such as Java and ActiveX; protects files such as Word, PDF, Flash, and AVI; detects and defends against system vulnerability exploits, spyware, adware, and viruses.

Infrastructure protection: Defends against malformed packet attacks, special control packet attacks, scanning attacks, and TCP/UDP flood attacks; defends against application-layer DDoS attacks such as HTTP, HTTPS, DNS, and SIP floods. Traffic self-learning sets the thresholds for flood-type attacks from statistics on normal traffic.

Network application control: Identifies and controls more than 1200 application protocols, including P2P, IM, online gaming, stock trading, voice, online video, streaming media, web mail, mobile terminal, and remote login applications.

Alarm and response: Real-time alarms, audible alarms, syslog, SNMP traps, e-mail, SMS messages, interworking with third-party devices, IP address isolation, attack packet capture, and real-time session blocking.

Device management: GUI, hierarchical administrator management, access control permission settings, and centralized management of devices. Supports rollback and periodic update of the engine knowledge base, and centralized update from within the intranet.

Log, report, and monitoring: Device status monitoring, event information backup, log query and filtering, real-time network status monitoring, and report customization.

Deployment and availability: The IPS is deployed inline and the IDS off-line; interfaces on one device can be deployed in inline and off-line modes at the same time. Supports hardware bypass cards and hot-standby deployment.
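The traffic self-learning entry above (flood thresholds derived from statistics on normal traffic), as an added Python example written for this page. It is not Huawei's algorithm: the mean-plus-four-standard-deviations rule, the 50 packet/s floor, the two-second persistence requirement, the counter names, and the per-second sample values are all assumptions made for this illustration. It also shows the datasheet's point about threshold configuration mistakes: a hand-picked threshold that looks reasonable fires on ordinary peaks in the learning window, while the learned one does not.

```python
from statistics import mean, pstdev

# Tunables (assumptions for this example, not Huawei's published parameters).
K_SIGMA = 4.0          # threshold = mean + K_SIGMA * stddev over the learning window
MIN_FLOOR = 50         # never learn a threshold below this many packets per second
MIN_CONSECUTIVE = 2    # seconds above threshold before a flood is declared


def learn_thresholds(samples, k=K_SIGMA, floor=MIN_FLOOR):
    """samples: per-second dicts {counter_name: packets} taken while traffic
    is known to be normal.  Returns {counter_name: threshold} so that each
    counter gets its own baseline instead of one global number."""
    thresholds = {}
    for name in samples[0]:
        series = [s[name] for s in samples]
        thresholds[name] = max(floor, mean(series) + k * pstdev(series))
    return thresholds


def detect_floods(samples, thresholds, min_consecutive=MIN_CONSECUTIVE):
    """Returns {counter_name: [second indices flagged]}.  A second is flagged
    only if it belongs to a run of at least min_consecutive seconds above the
    counter's threshold, so a single-sample spike is not reported as a flood."""
    result = {}
    for name, limit in thresholds.items():
        above = [s[name] > limit for s in samples]
        flagged, i = [], 0
        while i < len(above):
            if not above[i]:
                i += 1
                continue
            j = i
            while j < len(above) and above[j]:
                j += 1
            if j - i >= min_consecutive:
                flagged.extend(range(i, j))
            i = j
        result[name] = flagged
    return result


def count_exceedances(samples, name, limit):
    """How many seconds of `samples` exceed `limit` for one counter; used to
    compare a learned threshold with a hand-picked one on normal traffic."""
    return sum(1 for s in samples if s[name] > limit)


# Constructed learning window: 64 seconds of ordinary office traffic.
NORMAL_SYN = [200, 230, 210, 260, 240, 220, 250, 215] * 8   # TCP SYN per second
NORMAL_DNS = [40, 55, 35, 60, 45, 50, 38, 42] * 8           # DNS queries per second
TRAINING = [{"tcp_syn": a, "dns_query": b} for a, b in zip(NORMAL_SYN, NORMAL_DNS)]

# Constructed live window: a one-second DNS spike (not a flood), then a
# three-second SYN flood overlapping a two-second DNS flood.
LIVE = [{"tcp_syn": a, "dns_query": b} for a, b in [
    (240, 45), (255, 1500), (9000, 52), (12000, 48),
    (15000, 4000), (230, 4100), (225, 50)]]

HAND_PICKED_SYN_LIMIT = 250   # a plausible-looking manual setting

if __name__ == "__main__":
    learned = learn_thresholds(TRAINING)
    print("learned thresholds:", {k: round(v, 1) for k, v in learned.items()})
    print("false alarms on normal traffic, hand-picked limit:",
          count_exceedances(TRAINING, "tcp_syn", HAND_PICKED_SYN_LIMIT))
    print("false alarms on normal traffic, learned limit:",
          count_exceedances(TRAINING, "tcp_syn", learned["tcp_syn"]))
    print("floods in live window:", detect_floods(LIVE, learned))
```

With the constructed data the learned SYN threshold lands just above 305 packets/s and the DNS threshold near 78 queries/s, so the 260 packet/s peaks that the hand-picked limit of 250 keeps flagging are silent under the learned baseline, while the live window reports the SYN flood at seconds 2 to 4 and the DNS flood at seconds 4 to 5 and ignores the single-second DNS spike.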
Specifications of Integrated Devices

Chassis variants (H x W x D, maximum power, power input):
- 43.6 x 442 x 560 mm, 150 W, AC 100 V to 240 V, 50/60 Hz (three chassis in the series)
- 130.5 x 442 x 415 mm, 300 W, AC 100 V to 240 V, 50/60 Hz or DC 48 V to 60 V

Power supply redundancy is supported.
Operating environment: temperature 0°C to 40°C; relative humidity 5% to 95%, non-condensing.
MTBF: 12.67 years.

Subscription Information

Host Quoted Items

Every host ships with 4GE + 4GE Combo interfaces, 4G memory, two power supplies (AC or DC as indicated by the model), the HW Network Intelligent Protection System Software, and a 12-month subscription. The 5500 hosts add 2 x 10GE optical ports.

Model (External)   Description
2050-AC-01         2050 Standard AC Host
2100-AC-01         2100 Standard AC Host
2130-AC-01         2130 Standard AC Host
2150-AC-01         2150 Standard AC Host
2200-AC-01         2200 Standard AC Host
5100-AC-01         5100 Standard AC Host
5200-AC-01         5200 Standard AC Host
5200-DC-01         5200 Standard DC Host (2 DC Power)
5500-AC-01         5500 Standard AC Host (4GE + 4GE Combo + 2 x 10GE Optical Ports)
5500-DC-01         5500 Standard DC Host (4GE + 4GE Combo + 2 x 10GE Optical Ports, 2 DC Power)

Host Auxiliary Software: Knowledge Base Update Feature

Per model, an IPS knowledge base subscription and an AV knowledge base subscription are sold for 12 or 36 months.

Model   IPS, 12 months     IPS, 36 months     AV, 12 months     AV, 36 months
2050    LIC-IPS-12-2050    LIC-IPS-36-2050    LIC-AV-12-2050    LIC-AV-36-2050
2100    LIC-IPS-12-2100    LIC-IPS-36-2100    LIC-AV-12-2100    LIC-AV-36-2100
2130    LIC-IPS-12-2130    LIC-IPS-36-2130    LIC-AV-12-2130    LIC-AV-36-2130
2150    LIC-IPS-12-2150    LIC-IPS-36-2150    LIC-AV-12-2150    LIC-AV-36-2150
2200    LIC-IPS-12-2200    LIC-IPS-36-2200    LIC-AV-12-2200    LIC-AV-36-2200
5100    LIC-IPS-12-5100    LIC-IPS-36-5100    LIC-AV-12-5100    LIC-AV-36-5100
5200    LIC-IPS-12-5200    LIC-IPS-36-5200    LIC-AV-12-5200    LIC-AV-36-5200
5500    LIC-IPS-12-5500    LIC-IPS-36-5500    LIC-AV-12-5500    LIC-AV-36-5500

Service Board/Bypass Card

All cards ship with the HW General Security Platform Software.

Model (External)   Description
FIC-4GE-           4GE Electrical Ports Bypass Card
FIC-8GE            8GE Electrical Ports Interface Card
FIC-8SFP           8GE Optical Ports FIC Interface Card
FIC-2LINE-M-       2 Link LC/UPC Multimode Optical Interface Bypass Protect Card
FIC-2LINE-S-       2 Link LC/UPC Singlemode Optical Interface Bypass Protect Card
FIC-2SFP+          2 x 10GE Optical Ports FIC Interface Card
FIC-2SFP+&8GE      2 x 10GE Optical Ports + 8GE Electrical Ports Interface Card