Техническая Спецификация для Juniper IDP8200
2
Juniper Networks IDP8200 Intrusion Detection and Prevention
Appliance offers market-leading performance with 10 Gbps of
real-world throughput suited for large enterprises and service
providers. The large throughput also enables the deployment of
IPS appliances at the network core in addition to the network
perimeter to secure and enforce QoS within the corporate
network. The built-in bypass features as well as separation of
control and data plane make the IDP8200 an ideal solution for
networks requiring the highest throughput and reliability.
Appliance offers market-leading performance with 10 Gbps of
real-world throughput suited for large enterprises and service
providers. The large throughput also enables the deployment of
IPS appliances at the network core in addition to the network
perimeter to secure and enforce QoS within the corporate
network. The built-in bypass features as well as separation of
control and data plane make the IDP8200 an ideal solution for
networks requiring the highest throughput and reliability.
Juniper Networks IDP250 and IDP800 Intrusion Detection and
Prevention Appliances offer market-leading IPS capabilities
for mid-size and large enterprises as well as service providers.
Supporting various high availability (HA) options, the IDP250
and IDP800 offer continual security coverage for enterprise and
service provider networks.
Prevention Appliances offer market-leading IPS capabilities
for mid-size and large enterprises as well as service providers.
Supporting various high availability (HA) options, the IDP250
and IDP800 offer continual security coverage for enterprise and
service provider networks.
The Juniper Networks IDP75 Intrusion Detection and Prevention
Appliance brings full IPS capabilities to small and mid-size
businesses as well as remote offices. The built-in bypass
functionality also provides a cost-effective method of ensuring
continuous network availability. By offering the entire suite of IPS
and high-resiliency capabilities, businesses need not compromise
on security when deploying cost-effective IPS products.
Appliance brings full IPS capabilities to small and mid-size
businesses as well as remote offices. The built-in bypass
functionality also provides a cost-effective method of ensuring
continuous network availability. By offering the entire suite of IPS
and high-resiliency capabilities, businesses need not compromise
on security when deploying cost-effective IPS products.
IDP Series Intrusion Detection and Prevention Appliances are
managed by Juniper Networks Network and Security Manager, a
centralized, rule-based management solution offering granular
control over the system’s behavior. NSM also provides easy
access to extensive logging, fully customizable reporting, and
management of all Juniper Networks firewall/VPN/IDP Series
appliances from a single user interface. With the combination of
highest security coverage, granular network control, and visibility
and centralized management, the IDP Series is the best solution
to keep critical information assets safe.
managed by Juniper Networks Network and Security Manager, a
centralized, rule-based management solution offering granular
control over the system’s behavior. NSM also provides easy
access to extensive logging, fully customizable reporting, and
management of all Juniper Networks firewall/VPN/IDP Series
appliances from a single user interface. With the combination of
highest security coverage, granular network control, and visibility
and centralized management, the IDP Series is the best solution
to keep critical information assets safe.
Features and Benefits
IDP Series Capabilities
Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer several unique features that assure the highest level of
network security.
network security.
FEATURE
FEATURE DESCRIPTION
BENEFIT
Application awareness/
identification
identification
This includes use context, protocol information, and
signatures to identify applications on any port.
signatures to identify applications on any port.
Enable rules and policies based on application
traffic rather than ports—protect or police standard
applications on non-standard ports.
traffic rather than ports—protect or police standard
applications on non-standard ports.
Protocol decodes
More than 60 protocol decodes are supported along
with more than 500 contexts to enforce proper usage
of protocols.
with more than 500 contexts to enforce proper usage
of protocols.
Accuracy of signatures is improved through precise
context of protocols.
context of protocols.
Predefined and custom signatures
1
More than 6,200 predefined signatures are included
for identifying anomalies, attacks, spyware, and
applications. Customization of signatures to
personalize the attack database is allowed.
for identifying anomalies, attacks, spyware, and
applications. Customization of signatures to
personalize the attack database is allowed.
Attacks are accurately identified and attempts
at exploiting a known vulnerability are detected.
Customers fine-tune the attack database specific to
their environment to avoid false-positives.
at exploiting a known vulnerability are detected.
Customers fine-tune the attack database specific to
their environment to avoid false-positives.
Traffic interpretation
Reassembly, normalization, and protocol decoding are
provided.
provided.
Overcome attempts to bypass other IDP Series
detections by using obfuscation methods.
detections by using obfuscation methods.
Application Volume Tracking (AVT)
This tracks and collects volumetric application usage
information.
information.
This aids in proper creation of application policies
based on observed network bandwidth consumption
by application.
based on observed network bandwidth consumption
by application.
Zero-day protection
Protocol anomaly detection and same-day coverage
for newly found vulnerabilities are provided.
for newly found vulnerabilities are provided.
Your network is already protected against any new
exploits.
exploits.
Recommended policy
Group of attack signatures are identified by Juniper
Networks Security Team as critical for the typical
enterprise to protect against.
Networks Security Team as critical for the typical
enterprise to protect against.
Installation and maintenance are simplified while
ensuring the highest network security.
ensuring the highest network security.
1
As of June 2009, there are 6,200 signatures available with daily updates provided.