Buyer’s Guide
For Intrusion Prevention Systems (IPS) Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
408 745 2000 or 888 JUNIPER
Part Number: 710005-001 June 2004
Table of Contents
Introduction
Executive Summary
Quick Checklist
Detailed Buyer’s Checklist
Introduction
Security is increasingly top of mind for CIOs, IT directors and network managers. This is because organizations look to them to protect the network’s critical resources and sensitive information. They are responsible for ensuring that authorized users access only the information they should, and for preventing infiltration of their corporate networks by unauthorized individuals. In recent years, however, this task has grown increasingly difficult due to a variety of factors:
o The number of users and the ways in which they access the network continue to expand, making access harder to tightly control and opening up many avenues for inappropriate use of resources.
o The quantity and complexity of attacks continue to grow, often exploiting vulnerabilities at the application layer that require sophisticated attack detection and analysis to identify and mitigate.
o Hacking and attack tools are widely available on the Internet and have become significantly less complicated (many even have their own GUIs), making it possible for almost any Internet user to download and run an exploit against an organization.
o Attacks increasingly target Windows components rather than server software, which translates into more potentially vulnerable systems.
o The number of vulnerabilities continues to increase, while the average time from vulnerability announcement to exploit release keeps decreasing, further compounding the difficulty of ensuring effective security patching to protect the network.
While firewalls are certainly the first line of defense and an absolute requirement for any company connecting to the Internet, organizations have realized that they cannot be the only line of defense. As a result, most organizations have adopted a layered approach to network security to minimize the risks to their critical assets. A key layer, specifically when it comes to attack protection and mitigation, is an intrusion prevention system. However, not all systems that claim to perform intrusion prevention are the same.
As a result, it is imperative for an organization to understand the implications of deploying a particular system in its network, particularly with corporate intellectual property and business-critical data at stake. This guide was designed to assist decision-makers in understanding the issues involved in the selection and implementation of intrusion detection and prevention options.
The following sections provide a framework for evaluating the solutions: some top-level questions and a specific list of questions that evaluators can use to identify the features and functionality of each security solution, so that the company can compare products and select the one that best meets the needs and requirements of its enterprise.
Executive Summary
Enterprises trust information security systems to protect their company from serious threats and significant financial loss. Nothing less than the very livelihood of the company is at stake, which makes the selection and implementation of security solutions that prevent unauthorized network attacks and threats a strategic requirement. This section is intended to assist decision-makers and evaluators in understanding the essential criteria to use in evaluating intrusion detection and prevention systems.
Prior to conducting a feature-by-feature comparison, decision-makers should frame their evaluation using the following five (5) criteria. An effective intrusion detection and prevention device should:
1. Facilitate investigations for quick incident resolution.
A key value of an intrusion prevention system is how quickly and effectively it enables the resolution of security incidents. Obviously the goal is to prevent an attack before it ever reaches its destination; however, administrators know that until they have an idea of what is going on in the network it is very difficult to create a security policy that effectively prevents attacks. As a result, it is important that the intrusion prevention system provide visibility into network activity, at both the network and application level, so that you can understand what is going on, quickly remediate incidents and develop a strong security policy to prevent future attacks of the same nature. The solution should offer both a quick summary of the most important types of events and a way to drill into the raw data and manipulate it to analyze individual incidents. Generally when an attack occurs, you have only a single data point from which you must extrapolate what is going on and figure out how to contain and eradicate the attack. An intrusion prevention solution should make it easy to take that data point and correlate it with others to quickly achieve a clear understanding of exactly what is going on, so that you can take corrective action and protect your resources.
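The following Python script is an added illustration of the two views described above (a summary of the most important event types, and a pivot from one alert to the related ones) and is not Juniper code or part of the original guide. The alert log format, the signature names and the six sample alerts are constructed for the example; a real product's export format will differ.

```python
"""Pivoting from a single IPS alert to the related events.

Added illustration for this guide; not vendor code. The log format and the
sample alert lines below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: timestamp, severity, signature, src, dst, dst port.
# Signature names are invented for the example.
SAMPLE_ALERTS = """\
2004-06-01T09:00:01 HIGH  HTTP:IIS:WEBDAV-OVERFLOW  10.1.1.7   192.168.5.20 80
2004-06-01T09:00:03 LOW   SCAN:TCP:SYN-SWEEP        10.1.1.7   192.168.5.21 80
2004-06-01T09:00:04 LOW   SCAN:TCP:SYN-SWEEP        10.1.1.7   192.168.5.22 80
2004-06-01T09:00:09 HIGH  HTTP:IIS:WEBDAV-OVERFLOW  10.1.1.7   192.168.5.22 80
2004-06-01T09:15:00 MED   SMTP:RELAY-ATTEMPT        10.9.9.9   192.168.5.25 25
2004-06-01T11:30:00 HIGH  HTTP:IIS:WEBDAV-OVERFLOW  10.1.1.7   192.168.5.30 80
"""

SEVERITY_RANK = {"HIGH": 3, "MED": 2, "LOW": 1}


def parse_alerts(text):
    """Turn the whitespace-separated alert lines into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sev, sig, src, dst, port = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "severity": sev, "signature": sig,
            "src": src, "dst": dst, "port": int(port),
        })
    return events


def summarize(events):
    """The 'quick summary' view: count per signature, most severe first."""
    counts = defaultdict(int)
    worst = {}
    for e in events:
        counts[e["signature"]] += 1
        worst[e["signature"]] = max(worst.get(e["signature"], 0),
                                    SEVERITY_RANK[e["severity"]])
    return sorted(counts.items(), key=lambda kv: (-worst[kv[0]], -kv[1]))


def correlate(events, seed_index, window=timedelta(minutes=10)):
    """The drill-down: start from one alert and gather everything from the
    same source within +/- `window`, then characterise the activity."""
    seed = events[seed_index]
    lo, hi = seed["time"] - window, seed["time"] + window
    related = [e for e in events
               if e["src"] == seed["src"] and lo <= e["time"] <= hi]
    targets = sorted({e["dst"] for e in related})
    by_sig = defaultdict(int)
    for e in related:
        by_sig[e["signature"]] += 1
    return {
        "src": seed["src"],
        "related_count": len(related),
        "targets": targets,
        "signatures": dict(by_sig),
        # Reconnaissance against several hosts suggests a sweep rather than
        # a single targeted exploit attempt.
        "looks_like_sweep": any(s.startswith("SCAN:") for s in by_sig)
                            and len(targets) > 1,
    }


if __name__ == "__main__":
    evs = parse_alerts(SAMPLE_ALERTS)
    for sig, n in summarize(evs):
        print(f"{n:3d}  {sig}")
    print(correlate(evs, 0))
```

Starting from the first overflow alert, the pivot pulls in the two SYN-sweep alerts and the second overflow against a different host within the window, while the unrelated SMTP alert and the later overflow outside the window stay out of the incident. The output is the kind of picture (one source, three targets, scan followed by exploit) that turns a single data point into an incident you can act on.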
2. Deliver ease of use.
The ease of use of an intrusion detection and prevention system translates directly into greater control and a higher degree of security. If the system enables administrators to quickly view pertinent, critical information and make adjustments, network managers can ensure the network is efficiently protected from the latest threats and that the most up-to-date security policy is in force. If a device is hard to control and understand, administrators will waste time trying to find the information they need to do their job. Quick security policy definition and easy, global updates from a single, centralized location ensure that enterprise IT teams scattered around the globe can have a comprehensive, real-time view of the system and the network.
Providing a granular level of control in an intuitive manner to security managers not only ensures that the system meets the company’s specific security requirements, but also that valuable IT time and resources are not misspent or wasted. Simply put, a complicated and unintuitive IPS adds little or no value to a corporation’s information security program.
3. Provide comprehensive protection.
It is important to understand that no solution can protect against absolutely all attacks. Due to the dynamic attack landscape, it is impossible to predict and protect against everything that could potentially be used against a network. The inherent complexity of network traffic, which spans a vast number of protocols at both the network (IP, TCP, UDP, ICMP, etc.) and application (HTTP, FTP, SMTP, DNS, POP3, IMAP, etc.) layers, provides attackers ample vulnerabilities to exploit. Combine that complexity with the fact that attacks come in different shapes and forms, and attackers have a virtual buffet to choose from when they attack your network. The key is to minimize your exposure. As a result, the comprehensiveness of protection provided by an intrusion detection and prevention system is critical to its ability to help organizations maintain an acceptable risk level. To provide value, the solution must support a broad range of protocols and protect against a diverse set of attack types.
4. Prevent an attack.
Whether an intrusion detection and prevention system can stop an attack from ever reaching its victim is the cornerstone of its prevention capabilities. How effective is an intrusion detection system that has to rely on another system to try to prevent an attack? The answer is obvious, but many intrusion detection products do just that, sending a request to a firewall, or even to the victims themselves (typically a TCP reset), to try to end the attack. All of these mechanisms come into play after the attack has already reached the victim, so even when successful, they require the network administrator to investigate exactly how much the attack was able to do before it was stopped. Any device that introduces latency into the prevention response is not able to offer true prevention.
A truly effective solution actively prevents attacks during the detection process and drops the malicious traffic. This ensures it never reaches its intended victim, keeping the enterprise network and sensitive, mission-critical data safe and secure.
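The packet-level model below is an added illustration of the distinction drawn above between an inline sensor that drops the matching packet and an out-of-band sensor that has to ask another device to block the session; it is not Juniper code and is not from the original guide. The eight-packet flow, the exploit marker and the block-latency values are constructed assumptions, not measurements of any product.

```python
"""Inline drop versus out-of-band response: a packet-level model.

Added illustration for this guide; not vendor code. The flow and the latency
figures are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    seq: int
    payload: bytes


# Constructed session: three benign requests, one packet carrying the pattern
# the sensor matches (marked "EXPLOIT"), then follow-on packets of the same
# session (a second stage, further commands, and so on).
FLOW = [Packet(i, b"GET /index.html" if i < 3
               else (b"EXPLOIT" if i == 3 else b"stage2"))
        for i in range(8)]


def is_malicious(pkt):
    """Stand-in for signature matching."""
    return b"EXPLOIT" in pkt.payload


def inline_ips(flow):
    """Sensor sits in the forwarding path. The packet that matches is dropped
    rather than forwarded, and the rest of the session is blocked."""
    delivered, blocked = [], False
    for pkt in flow:
        if blocked or is_malicious(pkt):
            blocked = True
            continue
        delivered.append(pkt)
    return delivered


def out_of_band_ids(flow, block_latency):
    """Sensor watches a copy of the traffic (tap or SPAN port). On a match it
    asks an upstream firewall to block the session; the block takes
    `block_latency` further packet-times to take effect. The matching packet
    itself has already been forwarded, as have any packets in flight."""
    delivered, block_at = [], None
    for pkt in flow:
        if block_at is not None and pkt.seq >= block_at:
            continue
        delivered.append(pkt)
        if block_at is None and is_malicious(pkt):
            block_at = pkt.seq + 1 + block_latency
    return delivered


def exploit_reached_victim(delivered):
    return any(is_malicious(p) for p in delivered)


if __name__ == "__main__":
    for name, got in (("inline", inline_ips(FLOW)),
                      ("out-of-band, latency 2", out_of_band_ids(FLOW, 2)),
                      ("out-of-band, latency 0", out_of_band_ids(FLOW, 0))):
        print(f"{name:24s} delivered={[p.seq for p in got]} "
              f"exploit_reached={exploit_reached_victim(got)}")
```

The point the model makes is the one the guide makes: with an out-of-band response the exploit packet reaches the victim even when the block is issued with zero additional latency, because the sensor only ever sees a copy of a packet that has already been forwarded. Only the inline path can drop the matching packet itself, so the question "how much did the attack accomplish before it was stopped" does not arise.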
5. Fit seamlessly into the network.
In today’s highly distributed, global enterprises, the intrusion detection and prevention solution must be both easy to deploy and able to meet the performance requirements of the network segment it is protecting. Companies simply cannot spare the time and resources required to update each individual device within the corporate network every time the enterprise’s security policy changes or a new attack signature is released, so the system should offer centralized controls that simplify installation and ongoing maintenance. Nor can an organization afford to re-architect the network or suffer performance degradation when the system is deployed. As a result, the system must process traffic quickly, make security decisions instantly, and present that information to the network manager in a timely fashion, ensuring the administrator has a real-time view of the system at all times. A slow system that cannot keep up with the rapid flow of network traffic can mean missed attacks and an increasingly vulnerable corporate network. The device needs to perform optimally, so that the administrator knows exactly what is going on in the network at any given time.