1
1
About Network Security Sensors
McAfee Network Security Sensors (Sensors) are high-performance, scalable, and flexible content processing
appliances built for the accurate detection and prevention of:
•
Network intrusions
•
Network misuse
•
Distributed Denial-of-Service (DDoS) attacks
Sensors are specifically designed to handle traffic at wire speed, efficiently inspect and detect intrusions with a
high degree of accuracy, and flexible enough to adapt to the security needs of any enterprise environment.
When deployed at key network access points, the Sensor provides real-time traffic monitoring to detect
malicious activity and respond to the malicious activity as configured by the administrator.
After you deploy a Sensor successfully, you configure and manage it using the McAfee
Manager (Manager). The process of configuring a Sensor and establishing communication with the Manager is
described in subsequent chapters of this guide. For the details about the Manager, see the McAfee Network
Security Platform Manager Administration Guide.
Contents
Functions of an NS-series Sensor
Deployment of an NS-series Sensor
Functions of an NS-series Sensor
The NS-series Sensors are a third-generation hardware platform for McAfee
designed for high bandwidth links, to provide Next Generation IPS (NGIPS) capability, providing high aggregate
throughput across various Sensor models. The NS9500 Sensor is a 1RU unit providing an aggregate throughput
up to 30 Gbps.
The primary function of a Sensor is to analyze traffic on selected network segments and to respond when an
attack is detected. The Sensor examines the header and data portion of every network packet, looking for
patterns and behavior in the network traffic that indicate malicious activity. The Sensor examines packets
according to user-configured policies, or rule sets, which determine what attacks to watch for, and how to
respond with countermeasures if an attack is detected.
If an attack is detected, a Sensor responds according to its configured policy. Sensor can perform many types of
attack responses, including generating alerts and packet logs, resetting TCP connections, "scrubbing" malicious
packets, and even blocking attack packets entirely before they reach the intended target.
McAfee Network Security Platform
®
Network Security
®
Network Security Sensor (Sensor)
5