April 01, 2003
NetScreen Technologies Inc
A choice of network-based IDS or 'in-line' deployment as an intrusion prevention device.
True gigabit throughput not yet available from a single sensor, although promised when NetScreen puts the IDP code into a silicon-based hardware implementation.
This product has additional features and is scalable enough to cope with any size of network.
NetScreen uses multi-method detection (MMD) in its IDS appliance, which also includes intrusion prevention options. MMD integrates stateful signature analysis with the detection of protocol anomalies, traffic anomalies, IP spoofing, layer 2 and SYN-flood attacks. Plus, it includes detection of 'backdoor' exploits and a network honeypot. The NetScreen IDP-100 is rated at 200Mbits/sec throughput, offering a choice of eight Fast Ethernet or two separate gigabit monitoring ports.
The stateful signature analysis engine is designed to minimize false alarms by looking for signatures in only the relevant parts of traffic where exploits are possible. Signatures can be updated weekly from NetScreen and there is a Signature Editor to help develop custom signatures, but you do not have to use all the signatures supplied.
The central console runs on Windows or Linux desktops in association with a Management Server that runs on Solaris 7/8 or Red Hat Linux. The Management Server does not need to be installed on a dedicated machine unless a large number of sensors are to be monitored. In smaller installations it can run on the same hardware as one of the IDP sensors. Together, these provide the centralized management capability to establish and deploy security policies to a large number of sensors. Each sensor can have a different policy or be grouped together for common policies. A history is kept for auditing purposes.
Communications between the distributed parts of the system are authenticated and encrypted. NetScreen can also be connected 'in-line' to take advantage of its intrusion prevention features. When used in-line, you have the choice of configuring it to be completely transparent, with no visible IP addresses. Policies allow you to specify a response when an attack is identified. Actions range from sending an email alert to dropping the connection when the device is installed as an 'in-line' gateway, providing both protection and prevention. Multiple IDPs can be deployed in a high-availability configuration to provide failover and load balancing.
Reporting uses a 'dashboard' approach that combines information to give a quick overview of what attacks are being targeted at which hosts. You can drill down to obtain more detailed reports, as required. Features specifically designed to assist in forensic investigation offer the means to present results in an easily understood form.