Network environments are moving to multi-gigabit speeds as Internet-based IT infrastructure becomes more common. Malicious attacks and harmful traffic that target this infrastructure, such as worms, viruses and DoS, are also increasing rapidly.
High-speed network technology therefore has to work together with security technology that blocks these threats in order to protect the network environment.
AhnLab's Absolute IPS is a network security product built on a deep understanding of this problem.
Absolute IPS is an intrusion prevention solution that processes packets up to layer 7 while maintaining 8Gbps line speed, based on a network processor.
Absolute IPS systematically detects and blocks abnormal flows in order to stop new worms and DoS attacks, and it provides a fast, interruption-free bypass function in case of a system fault, which minimizes network faults.
In particular, the stability and performance of Absolute IPS were recognized when it acquired Common Criteria (CC) certification (EAL4: Evaluation Assurance Level 4) in August 2007.
| Feature | Feature Description |
| Intrusion Detection and Prevention | Deep Packet Inspection (DPI)-type stateful packet inspection |
| | Detection and handling of more than 3,500 known attacks (or known signatures) |
| | Detection and handling of IP, protocol, and traffic anomaly attacks |
| | Detection and handling of DoS and scan through self-learning |
| | Infrastructure Protection Filter (IPF) for protection of important assets such as servers and routers |
| | Various response schemes: logging, notify, e-mail, packet drop, rate control, session kill, firewall interface, etc. |
| Application and Traffic Control | Various control methods depending on the characteristics of nine messengers and P2P services |
| | Quality of Service (QoS) |
| | URL/URI blocking |
| | Spam blocking (keyword filtering) |
| | Blocking of infected host communication through the quarantine function |
| Installation and Operation | In-line, Span, Tap and Port Clustering operation modes |
| | 256 virtual sensors (CIDR, physical port, VLAN tag) |
| | Raw data storing and analysis |
| | HA and bypass |
| | Network and host monitoring |
| | Immediate blocking of certain events |
| Integrated Management | Classified administrator authorities (general administrator / super administrator) |
| | Various signature update methods (without rebooting) |
| | Set-up wizard |
| | Real-time equipment status monitoring |
| | Integrated log management and real-time event searching |
| | Log and configuration backup/restore |
| Statistics and Report | Real-time statistics and report |
| | Minimum nine graph types including bar, area, pie, and Gantt |
| | Minimum 33 report types |
| | Report export into PDF, xls, doc, HTML and other formats |
| | Basic log search, and extended log search through SQL |
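| Type | Item | | Absolute IPS NP 2000 | Absolute IPS NP 4000 | Absolute IPS NP 8000 |
| Specification | Authentication | | CC (EAL 4), NSS Approved, Security Evaluation | CC (EAL 4), NSS Approved, Security Evaluation | CC (EAL 4), NSS Approved, Security Evaluation |
| | Hardware Item | | Dedicated Hardware | Dedicated Hardware | Dedicated Hardware |
| | Operation Type | | In-line, Span, Tap, Port Clustering | In-line, Span, Tap, Port Clustering | In-line, Span, Tap, Port Clustering |
| | Processor | CPU | 10G-level Network Processor and Universal CPU | 10G-level Network Processor and Universal CPU | 10G-level Network Processor and Universal CPU |
| | | Others | High speed pattern Accelerator (Signature Accelerator) | High speed pattern Accelerator (Signature Accelerator) | High speed pattern Accelerator (Signature Accelerator) |
| | Memory | Main | 2G | 2G | 2G |
| | | Flash | 256M CF | 256M CF | 256M CF |
| | NIC | IPS port (Sensor NIC) | 1000baseSX(SFP) * 4, 10/100/1000baseTX * 4 | 1000baseSX(SFP) * 4, 10/100/1000baseTX * 4 | 1000baseSX(SFP) * 4, 10/100/1000baseTX * 4 |
| | | Management port | 1000baseSX * 3, 10/100/1000baseTX * 3 | 1000baseSX * 3, 10/100/1000baseTX * 3 | 1000baseSX * 3, 10/100/1000baseTX * 3 |
| | Power | Dual | O | O | O |
| | | Hotswap | O | O | O |
| | | Capacity | 400W | 400W | 400W |
| | OS | | Internal OS | Internal OS | Internal OS |
| | Disk Installation | | X | X | X |
| | Log Storage (DBMS) | | Separate Log Server (MDB, MS SQL, DB2) | Separate Log Server (MDB, MS SQL, DB2) | Separate Log Server (MDB, MS SQL, DB2) |
| | LCD | | 2Line | 2Line | 2Line |
| | Dimensions (HxWxDmm, Weight) | | 173x440x335, 16kg | 173x440x335, 16kg | 173x440x335, 16kg |
| Performance | Throughput | Maximum Performance | Full 2G | Full 4G | Full 8G |
| | Session | Session per Second | Maximum 3 million | Maximum 3 million | Maximum 3 million |
| | | Maximum Stable Sessions | 1,5000,000 | 2,000,000 | 3,000,000 |
| | Latency | Latency | Maximum 12 microsec | Maximum 12 microsec | Maximum 12 microsec |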
| Type | Item |
| Security Feature | Signature-based Detection | Stateful-based Detection |
| TCP Reassembly |
| IP Defragmentation |
| User-defined Signature |
| Exception-handling Policy |
| Anomaly-based Detection (Self-learning) | Self-learning Function |
| Self-learning Period |
| Threshold Correction |
| Threshold Scheduling |
| IP, Protocol, Traffic Anomaly Handling |
| DoS and Scan Detection | Entire Traffic Threshold Control |
| DNS Query Attack |
| SYN Flooding |
| Ping Flooding |
| TCP SYN Scan |
| TCP FIN Scan |
| TCP Xmas Scan |
| TCP Null Attack |
| UDP Scan |
| Virtual Sensor | By Port |
| By VLAN |
| By IP |
| Inbound/Outbound Separation Policy |
| HA (High Availability) | Configuration Wizard |
| Active-Active |
| Active-Standby |
| Session Synchronization |
| Port Aggregation |
| IP Tracking |
| Raw Data Storing |
| Raw Data Analysis |
| IPF (Intrusion Prevention) | IP/Network Blocking |
| IPF Group Policy |
| Port-based Blocking |
| Rate Control (QoS) Function |
| URL/URI Blocking |
| Spam Blocking |
| Virus Blocking |
| Network, Host Monitoring |
| P2P Control | Individual Restriction |
| P2P Restriction |
| Blocking Method |
| Messenger | Individual Blocking |
| Support for Messengers of Korean Users |
| Quarantine | Separation of Infected PCs |
| Response Range |
| Partial Access Allowed |
| Quarantine Time Setting |
| Web Page Redirection |
| Management | Integrated Management | Separate Administrator Authorities |
| Random IP Access Control |
| Automatic Logout |
| Automatic/Manual Signature Update |
| File-based Update |
| Setup Wizard |
| GUI Type |
| Integrated Management |
| Real-time Event Monitoring |
| Detailed Event Searching |
| Real-time Equipment Status Monitoring |
| Response to Security Policy Violation | Logging |
| Notify |
| E-Mail |
| Syslog |
| SNMP Trap |
| Firewall Interface |
| IP Management Tool Interface |
| Real-time Packet Drop |
| Real-time Rate Control |
| Statistics and Report | Real-time Statistics |
| Chart |
| 24-hour (Daily) Statistics |
| Alert Statistics |
| Minimum 33 Report Items |
| Report Creation Period |
| Report Export |
| Custom Report |
| Report Scheduling |
| Integrated Log Management | Integrated Log Management |
| Basic Log Search |
| Extended Log Search (SQL) |
| Log Backup |
| Config Backup/Restore |
| SSH Method Setting |
| Encrypted Sensor-Manager Communication |
| Help Menu in Korean Language |