Table of Contents
Advertisement
5. SonicWALL's Deep Packet Inspection framework supports complete signature matching across the
TCP fragments without performing any reassembly (unless the packets are out of order). This results
in more efficient use of processor and memory for greater performance.
SonicWALL IPS Terminology
•
Stateful Packet Inspection - looking at the header of the packet to control access based on port,
protocol, and IP address.
•
Deep Packet Inspection - looking at the data portion of the packet. Enables the firewall to investigate
farther into the protocol to examine information at the application layer and defend against attacks
targeting application vulnerabilities.
•
Intrusion Detection - a process of identifying and flagging malicious activity aimed at information
technology.
•
False Positive - a falsely identified attack traffic pattern.
•
Intrusion Prevention - finding anomalies and malicious activity in traffic and reacting to it.
•
Snort - an open source network intrusion detection system. SonicWALL IPS includes open-source
Snort signatures, as well as signatures from other signature databases, and SonicWALL created
signatures. SonicWALL does not use the Snort engine.
•
Signature - code written to detect and prevent intrusions, worms, application exploits, and Peer-to-
Peer and Instant Messaging traffic.
Page 156 SonicWALL SonicOS Standard Administrator's Guide
Advertisement
Table of Contents
