Enterasys Dragon® 7 Network Intrusion Detection and Prevention DSNSA7-GIG-SX User Manual
Product codes
DSNSA7-GIG-SX
Page 1 of 6 • Data Sheet
Dragon
®
7 Network Intrusion Detection
and Prevention
•
Stealth Network Intrusion Prevention appliances that stop
offenders from ever entering the network
offenders from ever entering the network
•
New industry-leading VoIP protocol decoders protect network from
DOS attacks
DOS attacks
•
High-speed Gigabit capacity for network defense
•
Z e ro Day event detection using a comprehensive multi-method appro a c h
•
Key component of Enterasys’ Dynamic Intrusion Response solution
Powerful Network Intrusion Defense
A sophisticated software- and appliance-
based network intrusion defense system,
the Dragon Network Sensor identifies
misuse and attacks across the network.
based network intrusion defense system,
the Dragon Network Sensor identifies
misuse and attacks across the network.
D r a g o n ’s advanced Intrusion Prevention
(IPS) technology is designed to block
attackers, mitigate denial of service attacks
and prevent information theft while
remaining totally invisible to the network.
Built upon Dragon’s award-winning Intrusion
Detection technology, the IPS will alert on
the attack, drop the offending packets,
terminate the session for TCP- and UDP-
based attacks, and dynamically establish
firewall rules that can keep the source of
the threat off the network indefinitely or
for a configurable period of time. Known
sources of attacks can be stopped from
ever entering the network by enabling
“Black Lists,” while key corporate resources
or trusted networks are always allowed to
pass via “White Lists.”
(IPS) technology is designed to block
attackers, mitigate denial of service attacks
and prevent information theft while
remaining totally invisible to the network.
Built upon Dragon’s award-winning Intrusion
Detection technology, the IPS will alert on
the attack, drop the offending packets,
terminate the session for TCP- and UDP-
based attacks, and dynamically establish
firewall rules that can keep the source of
the threat off the network indefinitely or
for a configurable period of time. Known
sources of attacks can be stopped from
ever entering the network by enabling
“Black Lists,” while key corporate resources
or trusted networks are always allowed to
pass via “White Lists.”
Dragon comes ready “out of the box” with
a large library of attacks it can be configured
to mitigate immediately. Dragon’s Network
IPS can leverage the thousands of vulner-
ability- and exploit-based signatures in
Dragon’s threat libraries as a basis for
network control and threat defense.
a large library of attacks it can be configured
to mitigate immediately. Dragon’s Network
IPS can leverage the thousands of vulner-
ability- and exploit-based signatures in
Dragon’s threat libraries as a basis for
network control and threat defense.
Dragon IPS is available only on currently
shipping Dragon appliances. However, it’s
important to note that almost all of the
Dragon IDS appliances can be converted
shipping Dragon appliances. However, it’s
important to note that almost all of the
Dragon IDS appliances can be converted
into IPS appliances by simply purchasing
an add-on license. Customers are not
required to buy all new appliances if they
want to specify certain ones for IPS. Dragon’s
IPS appliances ensure a high degree of
reliability and redundancy, including fail-
safe bypass options.
an add-on license. Customers are not
required to buy all new appliances if they
want to specify certain ones for IPS. Dragon’s
IPS appliances ensure a high degree of
reliability and redundancy, including fail-
safe bypass options.
Placed at the network edge or at key
aggregation points, the Dragon Network
Sensor is unmatched in detecting security
events such as network misuse, network
intrusions, system exploits and virus or
spyware propagations. Dragon uses a
multimethod approach to identify attacks:
pattern matching, protocol analysis and
anomaly-based techniques. Application-
based event detection detects non-signa-
ture-based attacks against commonly
targeted applications including HTTP,
RPC and FTP.
aggregation points, the Dragon Network
Sensor is unmatched in detecting security
events such as network misuse, network
intrusions, system exploits and virus or
spyware propagations. Dragon uses a
multimethod approach to identify attacks:
pattern matching, protocol analysis and
anomaly-based techniques. Application-
based event detection detects non-signa-
ture-based attacks against commonly
targeted applications including HTTP,
RPC and FTP.
With Dragon 7.2, industry-leading VOIP
protocol decoders are provided for SIP
and H.323, which can identify malformed
messages and prevent damaging DOS
attacks. Also with Dragon 7.2, a new
state-of-the-art signature language is
introduced, which provides the ability to
test arithmetical byte sequences, com-
bined with multiple pattern matches and
Perl Compatible Regular Expressions
while maintaining state. Thresholding can
now be done at the signature level and is
customizable for each virtual sensor.
Signatures continue to be in an open tun-
able XML based format.
protocol decoders are provided for SIP
and H.323, which can identify malformed
messages and prevent damaging DOS
attacks. Also with Dragon 7.2, a new
state-of-the-art signature language is
introduced, which provides the ability to
test arithmetical byte sequences, com-
bined with multiple pattern matches and
Perl Compatible Regular Expressions
while maintaining state. Thresholding can
now be done at the signature level and is
customizable for each virtual sensor.
Signatures continue to be in an open tun-
able XML based format.
• In-line Network Intrusion
Prevention appliances
— P rotects the network fro m
attackers and keeps them
f rom re t u rn i n g
f rom re t u rn i n g
• High performance
architecture
— Gigabit-speed performance
even with protocol
decoding, anomaly detec-
tion and pattern matchers,
active simultaneously
decoding, anomaly detec-
tion and pattern matchers,
active simultaneously
• Virtual Sensor support
— Allows one sensor to act
as multiple unique sensors
• Protocol decoding
— New VoIP decoders identify
attackers who hide an
attack within the protocol
attack within the protocol
• New state-of-the-art
signature language
— Incorporates regular
expressions, compound
pattern matchers, thresh-
olding and state tracking
pattern matchers, thresh-
olding and state tracking
• IDS/IPS Evasion Counter
Measures
— Identifies/blocks attackers
who attempt to evade
Dragon with fragmented
packets and stre a m s
Dragon with fragmented
packets and stre a m s
• Dynamic response
— Enables Enterasys’ DIR;
supports provisioning
response actions in
firewalls, switches, routers
response actions in
firewalls, switches, routers
• Event sniping
— Terminates an attack
session via a TCP reset or
ICMP unreachable message
ICMP unreachable message
• Probe prevention
— Defeats scanning
techniques with false
responses
responses
17079,9013766-4_Drag_NS_DS 1/25/06 4:36 PM Page 1