Table of Contents
Advertisement
Architecture
29
About the core architecture
define, manage, and apply user-defined signatures from the Network Security
console.
Monitoring traffic rate
Symantec Network Security detects malicious flow and traffic shape, provides
multi-gigabit traffic monitoring, and maintains 100% of its detection capability
on a fully saturated gigabit network.
Symantec Network Security performs passive traffic monitoring on its detection
interfaces. It uses this data to perform both aggregate traffic analysis and
individual packet inspection. Individual packets are inspected and traffic is
analyzed per interface. It also uses Netflow data that is locally collected, or
forwarded from a remote device, to augment its traffic analysis.
Symantec Network Security's aggregate analysis detects both denial-of-service
and distributed denial-of-service attacks. These attacks are recognized as
unusual spikes in traffic volume. Using the same data, Symantec Network
Security can also recommend proper remediation of the problem.
Beyond attack detection, Symantec Network Security uses traffic analysis to
detect many information-gathering probes. It detects not only the common
probing methods, but also many stealth modes that slip through firewalls and
other defenses. For example, many firewalls reject attempts to send SYN
packets, yet allow FIN packets. This results in a common port scan method.
Symantec Network Security recognizes this anomaly and triggers an alert.
About DoS detection
Symantec Network Security provides passive traffic monitoring on its detection
interfaces that allows it to detect a variety of DoS attacks such as flooding,
resource reservation, and malformed traffic. Symantec Network Security also
detects a variety of reconnaissance efforts, such as various forms of stealth
scans.
About external EDP
The Event Dispatch Protocol (EDP) provides a generalized framework for
sending events to software and appliance nodes for correlation, investigation,
analysis, and response. Using EDP, Symantec Network Security can collect
security data not only from its own sensors, but also from arbitrary third-party
sources such as firewalls, IDS sensors, and host-based IDS devices. The process
of integrating a third-party sensor generally involves three steps: collection,
conversion, and transmission. First, Symantec Network Security collects the
data from the third-party sensor in its usual collection format, such as flat text
files, SNMP, and source APIs. Then Symantec Network Security converts the
Advertisement
Table of Contents
Related Manuals for Symantec 10521146 - Network Security 7120
Related Products for Symantec 10521146 - Network Security 7120
- Symantec 10521148 - Network Security 7161
- Symantec 16-00-00091 - FNC XGRD FW VPN 200
- Symantec 10268947 - Network Security 7160
- Symantec 10744983 - Mail Security 8320
- Symantec 100
- Symantec 10024200 - 50PK SYM ANTIVIRUS 8.0
- Symantec 10097944 - 10PK NORTON ANTIVIRUS 2004
- Symantec 10460591 - Mail Security 5.0
- Symantec 10067161 - 10PK NORTON ANTIVIRUS
- Symantec 10288239 - ACAD NORTON ANTISPAM 2005
- Symantec 10099585 - 10PK NORTON ANTISPAM 2004
- Symantec 10514879 - Norton Confidential
- Symantec 10547829 - Mail Security For Smtp 5.0 Smb
- Symantec 10547849 - Mail Security For SMTP
- Symantec 10551441 - AntiVirus Corporate Edition
- Symantec 10765539 - Mail Security For SMTP