Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
4.1 Introduction to the IDS Cooperation
Usually, the SecPath F1800-A is mainly used to:
Prevent users or information from entering some restricted sites.
Monitor access channels between reliable networks and unreliable networks.
Prevent users or information from leaving the restricted sites.
Thus, the SecPath F1800-A ensures information security for the internal network
by protecting it from dangers in external networks.
The firewall has some limitations:
Its detection granularity is rather coarse; it cannot perform further analysis and
detection on many protocols.
It defends only against external attacks; it cannot effectively detect or defend
against illegal behavior by internal clients or attacks that have already intruded.
Therefore, the SecPath F1800-A exposes some interfaces for linking with other security
software, so that together they form a unified security network.
The IDS is similar to a network analyzer installed on the network to monitor
network transmissions. It is familiar with the latest attack methods and inspects
each packet so that suspicious network transmissions are dealt with as soon as
possible. The specific measures depend on the user's IDS and on the system
configuration.
By cooperating with the IDS, the SecPath F1800-A can make full use of the functions
of the IDS software to analyze and inspect in detail the packets that flow across the
network, to probe for various possible abnormal and attack behaviors, and to respond
in real time. The networking diagram of cooperation between the SecPath F1800-A and
the IDS software is shown in Figure 4-1.
Chapter 4 IDS Cooperation