Intrusion Prevention Service - SonicWALL SonicOS Enhanced 2.2 Administrator's Manual

Sonicwall internet security appliance

Intrusion Prevention Service

SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high-performance
Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail, file
transfer, Windows services and DNS. SonicWALL IPS is designed to protect against application
vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The
extensible signature language used in SonicWALL's Deep Packet Inspection engine also provides
proactive defense against newly discovered application and protocol vulnerabilities. SonicWALL IPS
offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker
attacks through SonicWALL's industry-leading Distributed Enforcement Architecture (DEA). Signature
granularity allows SonicWALL IPS to detect and prevent attacks based on a global, attack group, or per-
signature basis to provide maximum flexibility and control false positives.

Note: SonicWALL Intrusion Prevention Service is available for the SonicWALL TZ 170 and PRO Series (PRO
2040, PRO 3060, PRO 4060, and PRO 5060) SonicWALL Internet Security Appliances running
SonicOS Standard or Enhanced 2.2 (or higher).

SonicWALL IPS Features

High Performance Deep Packet Inspection Technology - SonicWALL's Intrusion Prevention
Service features a configurable, high-performance Deep Packet Inspection engine that uses parallel
searching algorithms on incoming packets through the application layer to deliver increased attack
prevention capabilities over those supplied by a traditional stateful packet inspection firewall. By
performing all of the matching on packets, SonicWALL IPS eliminates the overhead of having to
reassemble the data stream. Parallel processing reduces the impact on the processor and maximizes
available memory for exceptional performance on SonicWALL appliances.

Inter-Zone Intrusion Prevention - SonicWALL IPS provides an additional layer of protection against
malicious threats by allowing administrators to enforce intrusion prevention not only between each
network zone and the Internet, but also between internal network zones. This is performed by
enabling intrusion prevention on inbound and outbound traffic between trusted zones (SonicOS
Enhanced).

Extensive Signature Database - SonicWALL IPS utilizes an extensive database of over 1,700 attack
and vulnerability signatures written to detect and prevent intrusions, worms, and application exploits, as
well as peer-to-peer and instant messaging traffic. The SonicWALL Deep Packet Inspection engine
can also read signatures written in the popular Snort format, allowing SonicWALL to easily
incorporate new signatures as they are published by third parties. SonicWALL maintains a current
and robust signature database by incorporating the latest available signatures from thousands of
open source developers and by continually developing new signatures for application vulnerabilities
that are not immediately available or provided by open source.

Dynamically Updated Signature Database - SonicWALL IPS includes automatic signature updates
delivered through SonicWALL's Distributed Enforcement Architecture (DEA), providing protection
from emerging threats and lowering total cost of ownership. Updates to the signature database are
dynamic for SonicWALL firewalls under an active subscription.

Scalable - SonicWALL IPS is a scalable solution for SonicWALL TZ 170 and PRO Series Appliances
that secures small, medium and large networks with complete protection from application exploits,
worms and malicious traffic.

Application Control - SonicWALL IPS provides the ability to prevent Instant Messaging and Peer-
to-Peer file sharing programs from operating through the firewall, closing a potential backdoor that
can be used to compromise the network while also improving employee productivity and conserving
Internet bandwidth.

Page 154 SonicWALL SonicOS Standard Administrator's Guide
