SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATORS GUIDE
Chapter 41: Activating Intrusion Prevention Service
Inspection engine can also read signatures written in the popular Snort format, allowing
SonicWALL to easily incorporate new signatures as they are published by third parties.
SonicWALL maintains a current and robust signature database by incorporating the latest
available signatures from thousands of open source developers and by continually developing new
signatures for application vulnerabilities that are not immediately available or provided by open
source.
Dynamically Updated Signature Database - SonicWALL IPS includes automatic signature
updates delivered through SonicWALL’s Distributed Enforcement Architecture (DEA), providing
protection from emerging threats and lowering total cost of ownership. Updates to the signature
database are dynamic for SonicWALL firewalls under an active subscription.
Scalable - SonicWALL IPS is a scalable solution for SonicWALL TZ 170 and PRO Series
Appliances that secures small, medium and large networks with complete protection from
application exploits, worms and malicious traffic.
Application Control - SonicWALL IPS provides the ability to prevent Instant Messaging and Peer-
to-Peer file sharing programs from operating through the firewall, closing a potential backdoor that
can be used to compromise the network while also improving employee productivity and
conserving Internet bandwidth.
Simplified Deployment and Management - SonicWALL IPS allows network administrators to
quickly and easily manage the service within minutes. Administrators can create global policies
between security zones and interfaces as well as group attacks by priority, simplifying deployment
and management across a distributed network.
Granular Policy Management - SonicWALL IPS provides administrators with a range of granular
policy tools to enforce IPS on a global, group, or individual signature level to enable more control
and reduce the number of false policies. SonicWALL IPS also allows administrators to
choose between detection, prevention, or both to tailor policies for their specific network
environment.
Logging and Reporting - SonicWALL IPS offers comprehensive logging of all intrusion attempts
with the ability to filter logs based on priority level, enabling administrators to highlight high priority
attacks. Granular reporting based on attack source, destination and type of intrusion is available
through SonicWALL ViewPoint and Global Management System. A hyperlink on the intrusion
in the SonicWALL appliance log brings up the signature window for further information.
Management by Risk Category - SonicWALL IPS allows you to enable/disable detection or
prevention based on the priority level of attack through High, Medium, or Low predefined priority
groups.
Detection Accuracy - SonicWALL IPS detection and prevention accuracy is achieved by minimizing
both false positives and false negatives. Signatures are written around applications, such as
Internet Explorer or SQL Server, rather than ports or protocols to ensure that malicious code
targeting them is correctly identified and prevented.
SonicWALL Deep Packet Inspection
Deep Packet Inspection looks at the data portion of the packet. The Deep Packet Inspection
technology includes intrusion detection and intrusion prevention. Intrusion detection finds anomalies
in the traffic and alerts the administrator. Intrusion prevention finds the anomalies in the traffic and
reacts to them, preventing the traffic from passing through.
Deep Packet Inspection is a technology that allows a SonicWALL Security Appliance to classify
passing traffic based on rules. These rules include information about layer 3 and layer 4 content of the
packet as well as the information that describes the contents of the packet’s payload, including the
application data (for example, an FTP session, an HTTP Web browser session, or even a middleware
database connection). This technology allows the administrator to detect and log intrusions that pass
through the SonicWALL Security Appliance, as well as prevent them (that is, by dropping the packet or
resetting the TCP connection). SonicWALL’s Deep Packet Inspection technology also correctly
handles TCP fragmented byte stream inspection as if no TCP fragmentation had occurred.
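
The byte-stream handling described above, as an added example (not SonicWALL code and not its signature format): a payload pattern that straddles two TCP segments is missed by per-packet matching but caught when the flow is inspected in sequence order. The `Rule` shape, the marker string, the port and the sequence numbers are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical rule shape, not SonicWALL's signature format
    name: str
    dst_port: int           # layer 4 condition
    content: bytes          # payload condition
    action: str             # "detect" = alert only, "prevent" = drop/reset

def per_packet_match(rule, segments):
    """Naive inspection: each TCP segment's payload is checked in isolation."""
    return any(rule.content in payload for _seq, payload in segments)

class StreamInspector:
    """Matches rule.content against the in-order byte stream of one TCP flow."""
    def __init__(self, rule, dst_port, initial_seq):
        self.rule, self.dst_port, self.next_seq = rule, dst_port, initial_seq
        self.pending = {}   # seq -> payload for segments that arrived early
        self.tail = b""     # last len(content)-1 bytes already inspected

    def feed(self, seq, payload):
        """Return 'pass', 'alert' or 'drop' for the segment just received."""
        if self.dst_port != self.rule.dst_port:
            return "pass"
        self.pending[seq] = payload
        verdict = "pass"
        while self.next_seq in self.pending:          # consume in sequence order
            data = self.pending.pop(self.next_seq)
            self.next_seq += len(data)
            window = self.tail + data                 # spans the segment boundary
            if self.rule.content in window:
                verdict = "drop" if self.rule.action == "prevent" else "alert"
            keep = len(self.rule.content) - 1
            self.tail = window[-keep:] if keep else b""
        return verdict

def inspect(rule, segments, dst_port=80, initial_seq=1000):
    insp = StreamInspector(rule, dst_port, initial_seq)
    return [insp.feed(seq, payload) for seq, payload in segments]

# Constructed sample: a harmless marker string split across two segments.
RULE = Rule("constructed-marker", 80, b"EXAMPLE-SIGNATURE", "prevent")
PAYLOADS = [b"GET /index.html?q=EXAM", b"PLE-SIGNATURE HTTP/1.1\r\n\r\n"]
SEGMENTS, _seq = [], 1000
for _p in PAYLOADS:
    SEGMENTS.append((_seq, _p))
    _seq += len(_p)

if __name__ == "__main__":
    print("per-packet match:", per_packet_match(RULE, SEGMENTS))
    print("stream verdicts: ", inspect(RULE, SEGMENTS))
    print("out of order:    ", inspect(RULE, SEGMENTS[::-1]))
```

An early segment is simply held and reported as `pass` here; an inline device in prevention mode would also have to decide whether to forward or buffer it, which this example does not model.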