Published by Berniece Parrish. Modified over 6 years ago.
1
Proventia Network Intrusion Prevention System
2
What is IPS?
- IPS evolved from IDS
  - IDS identifies threats and sends alerts
  - IPS blocks attacks targeted at your network
- Because intrusion prevention is designed to block attacks while allowing legitimate traffic, accurate attack detection is essential
- For accurate, preemptive protection, IPS products use multiple techniques to:
  - Recognize and identify protocols
  - Analyze traffic
- No single intrusion prevention technique can offer acceptable protection
3
Protocol Recognition & Identification
- Using multiple techniques, protocols can be accurately recognized and identified
- Examples of protocol recognition and identification techniques that IPS devices should use include:
  - Port Assignment
  - Heuristics
  - Port Following
  - Protocol Tunneling Recognition
4
Traffic Analysis Techniques
- Traffic analysis helps the IPS:
  - Determine the intent of the traffic
  - Block malicious traffic
- Some examples of traffic analysis techniques that IPS devices should use are:
  - Protocol Analysis
  - RFC Compliance
  - TCP Reassembly
  - Flow Reassembly/Simulation
  - Statistical Threshold Analysis
  - Pattern Matching
5
Operational Concerns
- When protecting systems and data, the primary objectives fall within three categories:
  - Confidentiality
  - Integrity
  - Availability
- Your IPS and system administrators are responsible for maintaining the confidentiality, integrity and availability of organizational systems and data
6
Challenges for Security Administrators
- Security Administrators must have a vast knowledge base including:
  - TCP/IP
  - Windows platforms
  - Unix platforms
  - Firewalls
  - Routers
  - VPNs
- An administrator must have knowledge and experience in implementing security on all the various devices within your organization
7
Why a Firewall is not Enough
- Standard firewalls make access control decisions based on the:
  - Source and destination IP addresses
  - Destination port or protocol
- Standard firewalls are incapable of differentiating valid traffic from malicious traffic
- Example: If port 80 is open through your firewall to your public web server, a standard firewall cannot prevent malicious attacks destined for port 80
8
How IPS Helps Your Organization
Intrusion prevention systems can:
- Identify and prevent problems to avoid costly damage
- Minimize incident damage by immediately responding to a threat
- Prevent trojans from entering the system and deleting files
- Prevent employees from transmitting critical documentation that could cause an organization a loss of market advantage
- Collect data and evidence
9
IPS From IBM ISS
- IBM Internet Security Systems offers top of the line intrusion prevention products which include:
  - Proventia® Network Intrusion Prevention System (IPS)
  - Proventia® Network Multi-Functional Security
  - Proventia® Desktop Endpoint Security
  - Proventia® Server Intrusion Prevention System
- The SiteProtector™ management system:
  - Provides scalable, centralized security management for all IBM ISS products
  - Reduces demands on IT staff and other operational resources
10
Proventia Network IPS
- Proventia Network IPS:
  - Identifies attacks against systems and services by copying packets and processing them outside the kernel
  - Can be operated inline to prevent network intrusions and attacks
- Proventia Network IPS also protects your network from intrusions and attacks in two primary ways:
  - Intrusion protection capability to block attack packets
  - Firewall capability to drop unwanted packets
11
Intrusion Prevention Solution
- Proventia Network IPS prevents attacks and unwanted traffic from entering your network such as:
  - Spyware
  - Intrusions
  - Malicious code
  - Backdoors
  - Hybrid threats
- Because network traffic travels through inline appliances, the appliance can analyze traffic and block attacks in real-time
- Proventia Network IPS complements the gateway firewall allowing permitted traffic and blocking unwanted traffic and attacks
- Because this occurs in real-time, there is no disruption of legitimate network traffic
12
Intrusion Prevention Solution
Several IPS features protect your network, for example:
- Dynamic blocking
- Firewall rules
- Quarantine and Block responses
- Three operating modes:
  - Inline Protection
  - Inline Simulation
  - Passive Monitoring
- SNMP support
- Virtual Patch™ protection
- Automatic security content updates
13
Benefits of Proventia Network IPS
Proventia Network IPS offers the following advantages:
- Provides real-time intrusion prevention, without disrupting normal network traffic
- Quarantines known and unknown threats
- Allows valuable IT resources to focus on other critical projects
14
Proventia Management SiteProtector Appliance
- SiteProtector appliance comes pre-installed with:
  - SiteProtector Application Server
  - Agent Manager
  - Event Collector
  - SiteProtector Database
  - X-Press Update Server
  - SiteProtector Firmware
  - Proventia Server for Windows
- Before deploying SiteProtector appliance, you must perform initial configuration to enter:
  - IP address and subnet mask
  - Host name and DNS
  - Gateway IP address
Introduction to Proventia® Management SiteProtector
15
Adapter Modes Protection
16
Connecting an Appliance
17
Switch/Hub to Switch/Hub
When deploying the inline appliance between two switches/hubs, establish straight connections from the:
- First switch/hub to the appliance
- Appliance to the second switch/hub
18
Workstation/Server to Router
When deploying the inline appliance between a server or workstation and a router:
- Establish a crossover connection from the server/workstation to the appliance
- Establish a crossover connection from the appliance to the router
19
Workstation/Server to Switch/Hub
When deploying the inline appliance between a server or workstation and a switch or hub:
- Establish a crossover connection from the server/workstation to the appliance
- Establish a straight cable connection from the appliance to the switch/hub
20
Router to Switch/Hub
When deploying the inline appliance between a router and a switch/hub:
- Establish a crossover connection from the router to the appliance
- Establish a straight cable connection from the appliance to the switch/hub
21
Router to Router
When deploying the inline appliance between two routers, establish a crossover connection from the:
- First router to the appliance
- Appliance to the second router
22
Proventia Network IPS High Availability
- Supports two identical Proventia Network IPS appliances in the following network environment:
  - Primary/Secondary configuration
  - Clustering configuration
- Uses two appliances connected together by mirror links so that both appliances maintain identical state
23
High Availability Port Configuration
24
Configuring Appliance Policies
- You can configure appliance policies that control management functions and security settings
- The Proventia Network IPS uses the following policies:
  - Connection Events
  - Firewall
  - Global Tuning Parameters
  - Protection Domains
  - Response Objects
  - Security Events
  - OpenSignature Events
  - Update Settings
  - User Defined Events
  - Local Tuning Parameters (Note: Available at the agent level only)
25
Ignore
- Ignore is a default response associated with a Response Filter which disregards packets that match the specified criteria
- Use the Ignore response to filter Security Events that are not a threat to your organization
26
Event Policies
- You can configure several types of events and the corresponding responses
- Event policies include:
  - Firewall
  - Connection Events
  - OpenSignature Events
  - User Defined Events
  - Security Events
27
Configuring Firewall Rules
- Add firewall rules to drop or block unwanted packets before they enter your network
- Rules can be defined using any combination of the following:
  - Adapter
  - VLAN range
  - Protocol (TCP, UDP, ICMP)
  - Source/Target IP address and port ranges
- Firewall rules:
  - Work when the appliance is set to Inline Protection mode
  - Are triggered on the ingress port
  - Are processed in the order listed
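Because rules are processed in the order listed, a broad rule placed early can keep a narrower rule below it from ever firing. The following Python example is added here and is not Proventia code or rule syntax: it assumes first-match-wins evaluation, an "allow" action, an allow default, and a constructed rule set, and it reports rules made unreachable by an earlier one.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    action: str                  # "drop" or "allow" (assumed action names)
    protocol: str = "any"        # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # source network
    dst: str = "0.0.0.0/0"       # target network
    dports: tuple = (0, 65535)   # inclusive target port range
    vlans: tuple = (0, 4095)     # inclusive VLAN range
    adapter: str = "any"

    def matches(self, p):  # p: packet dict with the same fields
        return (self.adapter in ("any", p["adapter"])
                and self.vlans[0] <= p["vlan"] <= self.vlans[1]
                and self.protocol in ("any", p["protocol"])
                and ip_address(p["src"]) in ip_network(self.src)
                and ip_address(p["dst"]) in ip_network(self.dst)
                and self.dports[0] <= p["dport"] <= self.dports[1])

    def covers(self, o):  # every packet matching rule o also matches self
        return (self.adapter in ("any", o.adapter)
                and self.vlans[0] <= o.vlans[0] and o.vlans[1] <= self.vlans[1]
                and self.protocol in ("any", o.protocol)
                and ip_network(o.src).subnet_of(ip_network(self.src))
                and ip_network(o.dst).subnet_of(ip_network(self.dst))
                and self.dports[0] <= o.dports[0] and o.dports[1] <= self.dports[1])

def evaluate(rules, packet, default="allow"):
    """First matching rule decides (assumed); returns (action, rule name)."""
    hit = next((r for r in rules if r.matches(packet)), None)
    return (hit.action, hit.name) if hit else (default, None)

def shadowed(rules):
    """(later, earlier) pairs where the later rule can never be reached."""
    return [(r.name, e.name) for i, r in enumerate(rules)
            for e in rules[:i] if e.covers(r)]

# Constructed rule set and packet (documentation address ranges).
RULES = [
    Rule("allow-web", "allow", "tcp", dst="192.0.2.10/32", dports=(80, 80)),
    Rule("drop-bad-net", "drop", "tcp", "198.51.100.0/24", "192.0.2.10/32", (80, 80)),
    Rule("drop-telnet", "drop", "tcp", dports=(23, 23)),
]
PKT = {"adapter": "A", "vlan": 10, "protocol": "tcp",
       "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80}
```

With the list as written, the packet from 198.51.100.7 is allowed by the first rule and the drop rule below it is reported as shadowed; moving the drop rule to the top makes it take effect.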
28
Proventia Manager Home Page
The Proventia Manager Home page provides a snapshot of the appliance status:
- Proventia Manager navigation tree
- Appliance (Agent) name
- Protection Status
- System Status
- Messages about the appliance
- System Logs and Alerts buttons for each module
29
Support Page
30
Notification Options
31
About the Quarantined Intrusions Page
32
Firewall Settings
33
Update Options
34
SiteProtector Console
- The purpose of the Console is to let you:
  - Manage SiteProtector components and agents.
  - Monitor security of your network.
- The specific tasks you can perform using Console depend on your user group permissions.
- Can install Console on any computer that meets minimum system requirements.
- Not necessary to install Console on a computer that houses other SiteProtector components.
- Computer with Console must have network access to SiteProtector Application Server.
- The Console allows you to access and view multiple SiteProtector sites.
35
Console Window
36
Console Grouping Tools
My Sites tree:
- Allows you to organize multiple SiteProtector sites.
- Allows you to organize Asset Groups for:
  - SiteProtector components and agents.
  - Network assets.
- Facilitates command and control, and event analysis.
37
Console Tabs
You can access the following Console tabs using the drop-down list on the toolbar:
- Summary
- Agent
- Analysis
- Asset
- Policy
- Report
- System
- Ticket
- Traffic Analysis
Note: See training guide for navigation information.
38
Summary Tab
39
Agent Tab
40
Analysis Tab
41
Asset Tab
42
Policy Tab
43
Report Tab
44
System Tab
45
Ticket Tab
46
Traffic Analysis Tab