Proventia Network Intrusion Prevention System

What is IPS?
- IPS evolved from IDS: an IDS identifies threats and sends alerts; an IPS blocks attacks targeted at your network
- Because intrusion prevention is designed to block attacks while allowing legitimate traffic, accurate attack detection is essential (a false positive on an inline device is a self-inflicted outage)
- For accurate, preemptive protection, IPS products use multiple techniques to:
  - Recognize and identify protocols
  - Analyze traffic
- No single intrusion prevention technique can offer acceptable protection

Protocol Recognition & Identification
- Using multiple techniques, protocols can be accurately recognized and identified
- Examples of protocol recognition and identification techniques that IPS devices should use include:
  - Port assignment (the well-known port for the protocol)
  - Heuristics (what the first bytes of the flow look like)
  - Port following (tracking ports negotiated inside a control channel, e.g. FTP data connections)
  - Protocol tunneling recognition (detecting one protocol carried inside another)
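The following Python example, added here and not part of the IBM ISS material, shows why port assignment alone is not enough and how a payload heuristic and a tunneling check complement it. The port table, the heuristic patterns, the verdict names and the sample flows are constructed for illustration; they are not Proventia's signatures.

```python
"""Protocol recognition: port assignment with heuristic fallback.

Added example (not IBM ISS code). Classifies the first bytes of a flow by
destination port and by payload heuristics, then compares the two answers.
Disagreement is the interesting case: a known protocol on an unexpected
port, or a tunnel. All patterns and sample flows are constructed.
"""
import re

# Technique 1: port assignment (subset of the well-known ports).
PORT_ASSIGNMENT = {22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "tls"}

# Technique 2: payload heuristics on the first bytes of the client's data.
HEURISTICS = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")),
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    # TLS record: type 0x16 (handshake), version 0x03 0x00..0x03, 2-byte length, ClientHello (0x01)
    ("tls", re.compile(rb"^\x16\x03[\x00-\x03][\x00-\xff]{2}\x01")),
    ("smtp", re.compile(rb"^(EHLO|HELO) ")),
]


def identify_by_port(dst_port):
    return PORT_ASSIGNMENT.get(dst_port, "unknown")


def identify_by_payload(payload):
    for name, pattern in HEURISTICS:
        if pattern.match(payload):
            return name
    return "unknown"


def classify_flow(dst_port, payload):
    """Return (protocol, verdict). Verdict names are this example's own."""
    by_port = identify_by_port(dst_port)
    by_payload = identify_by_payload(payload)
    # Technique 3: tunneling recognition. HTTP CONNECT opens an arbitrary
    # TCP tunnel through a proxy, so the real protocol is whatever follows.
    if by_payload == "http" and payload.startswith(b"CONNECT "):
        return "http", "tunnel"
    if by_payload == "unknown":
        return by_port, "port-only"          # no heuristic fired; trust the port, weakly
    if by_port == by_payload:
        return by_payload, "confirmed"       # both techniques agree
    if by_port == "unknown":
        return by_payload, "non-standard-port"
    return by_payload, "mismatch"            # e.g. SSH on 443: evasion or tunneling


# Constructed sample flows: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (8080, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (443, b"SSH-2.0-OpenSSH_7.4\r\n"),
    (443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    (80, b"CONNECT mail.example.com:25 HTTP/1.1\r\n\r\n"),
    (5555, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for port, data in SAMPLE_FLOWS:
        print(port, classify_flow(port, data))
```

Only the "confirmed" flows would be safe to hand to a protocol-specific decoder on the strength of the port alone; "mismatch" and "tunnel" are the cases a port-only engine silently gets wrong.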

Traffic Analysis Techniques
- Traffic analysis helps the IPS determine the intent of the traffic and block malicious traffic
- Some examples of traffic analysis techniques that IPS devices should use are:
  - Protocol analysis
  - RFC compliance
  - TCP reassembly
  - Flow reassembly/simulation
  - Statistical threshold analysis
  - Pattern matching
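Pattern matching is only as good as the stream it runs over. The Python example below, added here and not taken from the IBM ISS deck, shows a signature split across two TCP segments that arrive out of order with a retransmission: per-packet matching misses it, matching after TCP reassembly catches it. The signature, the request and the segments are constructed.

```python
"""TCP reassembly before pattern matching.

Added example (not IBM ISS code). A directory-traversal request is split
across TCP segments delivered out of order, with one retransmitted
overlap. Per-segment inspection never sees the full pattern; inspection
of the reassembled stream does. Signature and data are constructed.
"""
import re

# Hypothetical signature: traversal in an HTTP request line.
SIGNATURE = re.compile(rb"GET /[^ ]*\.\./\.\./")


def match_per_packet(segments):
    """Naive engine: inspect each segment's payload in isolation."""
    return any(SIGNATURE.search(payload) for _, payload in segments)


def reassemble(segments, isn):
    """Rebuild the contiguous byte stream from (seq, payload) segments.

    Segments are ordered by sequence number; fully retransmitted data is
    skipped and partial overlaps are trimmed. Reassembly stops at the
    first hole, since bytes after a gap cannot be inspected yet.
    """
    stream = bytearray()
    next_seq = isn
    for seq, payload in sorted(segments):
        end = seq + len(payload)
        if end <= next_seq:
            continue                      # pure retransmission, nothing new
        if seq > next_seq:
            break                         # hole in the stream; wait for the missing segment
        stream += payload[next_seq - seq:]  # drop the overlapping prefix, if any
        next_seq = end
    return bytes(stream)


def match_reassembled(segments, isn):
    """Stream-aware engine: inspect the reassembled data."""
    return SIGNATURE.search(reassemble(segments, isn)) is not None


# Constructed capture: one request, split so that "../../" straddles two segments.
ISN = 1000
REQUEST = b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n\r\n"
SEGMENTS = [
    (ISN + 16, REQUEST[16:]),   # second half arrives first
    (ISN, REQUEST[:16]),        # first half: "GET /cgi-bin/../"
    (ISN + 8, REQUEST[8:16]),   # retransmission of bytes already covered
]

if __name__ == "__main__":
    print("per-packet match:  ", match_per_packet(SEGMENTS))     # False
    print("reassembled match: ", match_reassembled(SEGMENTS, ISN))  # True
```

The same split defeats a single-segment matcher whether the attacker fragments deliberately or the path MTU does it for them, which is why the slide lists TCP reassembly ahead of pattern matching.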

Operational Concerns
- When protecting systems and data, the primary objectives fall within three categories:
  - Confidentiality
  - Integrity
  - Availability
- Your IPS and system administrators are responsible for maintaining the confidentiality, integrity and availability of organizational systems and data

Challenges for Security Administrators
- Security administrators must have a broad knowledge base including:
  - TCP/IP
  - Windows platforms
  - Unix platforms
  - Firewalls
  - Routers
  - VPNs
- An administrator must have knowledge and experience in implementing security on all the various devices within your organization

Why a Firewall is not Enough
- Standard (packet-filtering) firewalls make access control decisions based on the:
  - Source and destination IP addresses
  - Destination port or protocol
- Because they never look at the payload, standard firewalls cannot distinguish valid traffic from malicious traffic on a port they permit
- Example: if port 80 is open through your firewall to your public web server, a standard firewall cannot prevent attacks carried in HTTP requests to port 80; only inspection of the request itself can

How IPS Helps Your Organization
- Intrusion prevention systems can:
  - Identify and prevent problems to avoid costly damage
  - Minimize incident damage by immediately responding to a threat
  - Prevent trojans from entering the system and deleting files
  - Prevent employees from transmitting critical documentation that could cause an organization a loss of market advantage
  - Collect data and evidence

IPS From IBM ISS
- IBM Internet Security Systems offers intrusion prevention products which include:
  - Proventia® Network Intrusion Prevention System (IPS)
  - Proventia® Network Multi-Functional Security
  - Proventia® Desktop Endpoint Security
  - Proventia® Server Intrusion Prevention System
- The SiteProtector™ management system:
  - Provides scalable, centralized security management for all IBM ISS products
  - Reduces demands on IT staff and other operational resources

Proventia Network IPS
- Proventia Network IPS:
  - Identifies attacks against systems and services by copying packets and processing them outside the kernel
  - Can be operated inline to prevent network intrusions and attacks
- Proventia Network IPS protects your network from intrusions and attacks in two primary ways:
  - Intrusion protection capability to block attack packets
  - Firewall capability to drop unwanted packets

Intrusion Prevention Solution
- Proventia Network IPS prevents attacks and unwanted traffic from entering your network, such as:
  - Spyware
  - Intrusions
  - Malicious code
  - Backdoors
  - Hybrid threats
- Because network traffic travels through inline appliances, the appliance can analyze traffic and block attacks in real time
- Proventia Network IPS complements the gateway firewall, allowing permitted traffic and blocking unwanted traffic and attacks
- Because this occurs in real time, there is no disruption of legitimate network traffic

Intrusion Prevention Solution
- Several IPS features protect your network, for example:
  - Dynamic blocking
  - Firewall rules
  - Quarantine and Block responses
  - Three operating modes:
    - Inline Protection
    - Inline Simulation
    - Passive Monitoring
  - SNMP support
  - Virtual Patch™ protection
  - Automatic security content updates

Benefits of Proventia Network IPS
- Proventia Network IPS offers the following advantages:
  - Provides real-time intrusion prevention, without disrupting normal network traffic
  - Quarantines known and unknown threats
  - Allows valuable IT resources to focus on other critical projects

Proventia Management SiteProtector Appliance
- The SiteProtector appliance comes pre-installed with:
  - SiteProtector Application Server
  - Agent Manager
  - Event Collector
  - SiteProtector Database
  - X-Press Update Server
  - SiteProtector Firmware
  - Proventia Server for Windows
- Before deploying the SiteProtector appliance, you must perform initial configuration to enter:
  - IP address and subnet mask
  - Host name and DNS
  - Gateway IP address
Introduction to Proventia® Management SiteProtector

Adapter Modes: Protection (diagram slide; no transcript text)

Connecting an Appliance (diagram slide)
- The cabling rules on the following slides treat the appliance's inline ports like an end station: straight-through cable to a switch or hub, crossover cable to a router or to a workstation/server

Switch/Hub to Switch/Hub
- When deploying the inline appliance between two switches/hubs, establish straight connections from the:
  - First switch/hub to the appliance
  - Appliance to the second switch/hub

Workstation/Server to Router
- When deploying the inline appliance between a server or workstation and a router:
  - Establish a crossover connection from the server/workstation to the appliance
  - Establish a crossover connection from the appliance to the router

Workstation/Server to Switch/Hub
- When deploying the inline appliance between a server or workstation and a switch or hub:
  - Establish a crossover connection from the server/workstation to the appliance
  - Establish a straight cable connection from the appliance to the switch/hub

Router to Switch/Hub
- When deploying the inline appliance between a router and a switch/hub:
  - Establish a crossover connection from the router to the appliance
  - Establish a straight cable connection from the appliance to the switch/hub

Router to Router
- When deploying the inline appliance between two routers, establish a crossover connection from the:
  - First router to the appliance
  - Appliance to the second router

Proventia Network IPS High Availability
- Supports two identical Proventia Network IPS appliances in the following configurations:
  - Primary/Secondary configuration
  - Clustering configuration
- Uses two appliances connected together by mirror links so that both appliances maintain identical state

High Availability Port Configuration (diagram slide; no transcript text)

Configuring Appliance Policies
- You can configure appliance policies that control management functions and security settings
- The Proventia Network IPS uses the following policies:
  - Connection Events
  - Firewall
  - Global Tuning Parameters
  - Protection Domains
  - Response Objects
  - Security Events
  - OpenSignature Events
  - Update Settings
  - User Defined Events
  - Local Tuning Parameters (Note: available at the agent level only)

Ignore
- Ignore is a default response associated with a Response Filter which disregards packets that match the specified criteria
- Use the Ignore response to filter Security Events that are not a threat to your organization

Event Policies
- You can configure several types of events and the corresponding responses
- Event policies include:
  - Firewall
  - Connection Events
  - OpenSignature Events
  - User Defined Events
  - Security Events

Configuring Firewall Rules
- Add firewall rules to drop or block unwanted packets before they enter your network
- A rule can be defined using any combination of the following:
  - Adapter
  - VLAN range
  - Protocol (TCP, UDP, ICMP)
  - Source/target IP address and port ranges
- Firewall rules:
  - Work only when the appliance is set to Inline Protection mode
  - Are triggered on the ingress port
  - Are processed in the order listed, so ordering matters: place specific rules above broad ones, or the broad rule will match first and the specific one never fires
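The Python example below is added here and is not Proventia code. It models rules with the fields this slide lists (adapter, VLAN range, protocol, source/target IP and port ranges), evaluates them in listed order, and flags rules that an earlier, broader rule shadows. It also makes the point of "Why a Firewall is not Enough" concrete: the matcher never reads the payload, so a permitted port-80 packet passes whether or not it carries an attack. The action names, the handling of non-protection modes, the default for unmatched packets and the sample rules and packets are assumptions for the sake of the example.

```python
"""First-match firewall rules for an inline IPS, with shadowing check.

Added example, not Proventia code. Rule fields follow the slide; action
names ("permit"/"drop"), the behaviour outside Inline Protection mode and
the default for unmatched packets are assumed. Sample data is constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Range = Tuple[int, int]


@dataclass
class Packet:
    adapter: str
    vlan: int
    protocol: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    src_port: int = 0
    dst_port: int = 0
    payload: bytes = b""   # present for realism; no rule below ever reads it


@dataclass
class Rule:
    action: str                        # "permit" or "drop" (assumed names)
    adapter: Optional[str] = None      # None means "any" for every field
    vlan: Optional[Range] = None
    protocol: Optional[str] = None
    src: Optional[str] = None          # CIDR
    dst: Optional[str] = None          # CIDR
    src_ports: Optional[Range] = None
    dst_ports: Optional[Range] = None

    def matches(self, p: Packet) -> bool:
        return (
            (self.adapter is None or self.adapter == p.adapter)
            and (self.vlan is None or self.vlan[0] <= p.vlan <= self.vlan[1])
            and (self.protocol is None or self.protocol == p.protocol)
            and (self.src is None or ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src))
            and (self.dst is None or ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst))
            and (self.src_ports is None or self.src_ports[0] <= p.src_port <= self.src_ports[1])
            and (self.dst_ports is None or self.dst_ports[0] <= p.dst_port <= self.dst_ports[1])
        )


def evaluate(rules: List[Rule], p: Packet, mode: str = "inline-protection"):
    """Rules are processed in listed order; the first match decides.

    Returns (verdict, index of the matching rule or None).
    """
    for i, r in enumerate(rules):
        if r.matches(p):
            if r.action == "drop" and mode != "inline-protection":
                return "would-drop", i   # assumed: other modes only report, never drop
            return r.action, i
    return "permit", None                # assumed: nothing matched, pass to the IPS engine


def _covers_cidr(broad: Optional[str], narrow: Optional[str]) -> bool:
    if broad is None:
        return True
    return ipaddress.ip_network(broad).supernet_of(ipaddress.ip_network(narrow or "0.0.0.0/0"))


def _covers_range(broad: Optional[Range], narrow: Optional[Range], full: Range = (0, 65535)) -> bool:
    if broad is None:
        return True
    lo, hi = narrow or full
    return broad[0] <= lo and broad[1] >= hi


def shadows(broad: Rule, narrow: Rule) -> bool:
    """True when every packet matching `narrow` also matches `broad`."""
    return (
        (broad.adapter is None or broad.adapter == narrow.adapter)
        and _covers_range(broad.vlan, narrow.vlan, (0, 4095))
        and (broad.protocol is None or broad.protocol == narrow.protocol)
        and _covers_cidr(broad.src, narrow.src)
        and _covers_cidr(broad.dst, narrow.dst)
        and _covers_range(broad.src_ports, narrow.src_ports)
        and _covers_range(broad.dst_ports, narrow.dst_ports)
    )


def find_shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(rules)) if any(shadows(rules[i], rules[j]) for i in range(j))]


# Constructed rule set: permit HTTP to the public web server, drop everything else aimed at the DMZ.
RULES = [
    Rule("permit", adapter="A", protocol="tcp", dst="203.0.113.10/32", dst_ports=(80, 80)),
    Rule("drop", adapter="A", dst="203.0.113.0/24"),
]
WEB_GET = Packet("A", 10, "tcp", "198.51.100.7", "203.0.113.10", 51000, 80, b"GET /index.html HTTP/1.1\r\n")
WEB_ATTACK = Packet("A", 10, "tcp", "198.51.100.7", "203.0.113.10", 51001, 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n")
SSH_PROBE = Packet("A", 10, "tcp", "198.51.100.7", "203.0.113.20", 51002, 22)

if __name__ == "__main__":
    print(evaluate(RULES, WEB_GET), evaluate(RULES, WEB_ATTACK), evaluate(RULES, SSH_PROBE))
    print("shadowed with drop listed first:", find_shadowed(RULES[::-1]))
```

Both HTTP packets get the same verdict because the rule set only sees headers; telling them apart is the IPS engine's job. Reversing the two rules puts the /24 drop first, and `find_shadowed` reports that the web permit can no longer be reached.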

Proventia Manager Home Page
- The Proventia Manager Home page provides a snapshot of the appliance status:
  - Proventia Manager navigation tree
  - Appliance (Agent) name
  - Protection Status
  - System Status
  - Messages about the appliance
  - System Logs and Alerts buttons for each module

Support Page (screenshot slide; no transcript text)

Notification Options (screenshot slide; no transcript text)

About the Quarantined Intrusions Page (screenshot slide; no transcript text)

Firewall Settings (screenshot slide; no transcript text)

Update Options (screenshot slide; no transcript text)

SiteProtector Console
- The purpose of the Console is to let you:
  - Manage SiteProtector components and agents
  - Monitor the security of your network
- The specific tasks you can perform using the Console depend on your user group permissions
- You can install the Console on any computer that meets the minimum system requirements
  - It is not necessary to install the Console on a computer that houses other SiteProtector components
  - The computer with the Console must have network access to the SiteProtector Application Server
- The Console allows you to access and view multiple SiteProtector sites

Console Window (screenshot slide; no transcript text)

Console Grouping Tools
- My Sites tree:
  - Allows you to organize multiple SiteProtector sites
  - Allows you to organize Asset Groups for:
    - SiteProtector components and agents
    - Network assets
  - Facilitates command and control, and event analysis

Console Tabs
- You can access the following Console tabs using the drop-down list on the toolbar:
  - Summary
  - Asset
  - System
  - Agent
  - Policy
  - Ticket
  - Analysis
  - Report
  - Traffic Analysis
- Note: See the training guide for navigation information.

Summary Tab (screenshot slide; no transcript text)

Agent Tab (screenshot slide; no transcript text)

Analysis Tab (screenshot slide; no transcript text)

Asset Tab (screenshot slide; no transcript text)

Policy Tab (screenshot slide; no transcript text)

Report Tab (screenshot slide; no transcript text)

System Tab (screenshot slide; no transcript text)

Ticket Tab (screenshot slide; no transcript text)

Traffic Analysis Tab (screenshot slide; no transcript text)