Juniper IDP8200 Data Sheet
Traffic Detection Methods
The IDP Series offers a combination of eight different detection methods to accurately identify the traffic flowing through the network. By
providing the highest flexibility, the various detection methods also minimize false positives.
| FEATURE | FEATURE DESCRIPTION | BENEFIT |
| --- | --- | --- |
| Stateful signature detection | Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. | Minimize false positives. |
| Protocol anomaly detection | Protocol usage against published RFCs is verified to detect any violations or abuse. | Proactively protect network from undiscovered vulnerabilities. |
| Backdoor detection | Heuristic-based anomalous traffic patterns and packet analysis detect trojans and rootkits. | Prevent proliferation of malware in case other security measures have been compromised. |
| Traffic anomaly detection | Heuristic rules detect unexpected traffic patterns that may suggest reconnaissance or attacks. | Proactively prevent reconnaissance activities or block distributed denial of service (DDoS) attacks. |
| IP spoofing detection | The validity of allowed addresses inside and outside the network is checked. | Permit only authentic traffic while blocking disguised source. |
| Denial of service (DoS) detection | SYN cookie-based protection from SYN flood attacks is provided. | Protect your key network assets from being overwhelmed with SYN floods. |
| Layer 2 detection | Layer 2 attacks are detected using implied rules for Address Resolution Protocol (ARP) table restrictions, fragment handling, connection timeouts, and byte/length thresholds for packets. | Prevent compromised host from polluting an internal network using methods such as ARP cache poisoning. |
| Network honeypot | Open ports are impersonated with fake resources to track reconnaissance activities. | Gain insight into real-world network threats and proactively defend your network before a critical asset can be attacked. |
Granular Traffic Control
To support a wide range of business requirements, the IDP Series offers granular visibility and control over the flow of traffic in the
network. Customers can interact with the IDP Series appliances using an application focus, threat prevention focus, or both by utilizing
the application enforcement policy rules and IPS policy rules, respectively.
| FEATURE | FEATURE DESCRIPTION | BENEFIT |
| --- | --- | --- |
| Application policy enforcement | A rule base is dedicated to managing unwanted applications using any number of actions. | Easily manage the applications allowed into the network while keeping threats at bay. |
| Active traffic responses | Various response methods are supported including drop packet, drop connection, close client, close server, and close client/server. | Provide appropriate level of response to attacks. |
| Application rate limiting | This defines the amount of bandwidth allowed for an individual or group of applications by direction (client-to-server and server-to-client). | Preserve network resources by controlling the amount of bandwidth consumed by applications allowed into the network. |
| QoS/DiffServ marking | Packets are marked using DiffServ code point (DSCP). | Optimize network and ensure necessary bandwidth for business-critical applications. |
| Passive traffic responses | Several passive responses such as logging and TCP reset are supported. | Gain visibility into current threats on the network with the ability to preempt possible attacks. |
| Recommended actions | Juniper Networks Security Team provides recommendations on appropriate action for each attack object. | Ease of maintenance is provided. Administrators no longer need to research or be aware of appropriate response to each and every threat. |
| IPAction | Access can be disabled at a granular level, ranging from a specific host down to a particular traffic flow, for a configurable duration of time. | Thwart attempts to launch DDoS attacks detected through traffic anomaly, DoS detection, or network honeypot. |
| VLAN-aware rules | Unique policies are applied to different VLANs. | Apply unique policies based on department, customer, and compliance requirements. |
| MPLS traffic inspection | Network traffic encapsulated in MPLS labels is inspected. | The number of IDP Series sensors is reduced. |