3Com TECHD-0000000122 manual Threat Suppression Engine, Local Security Manager

Page 22

Chapter 1: Overview

The TippingPoint IPS is designed to handle the extremely high demands of carriers and high-density data centers. Even while under attack, TippingPoint Intrusion Prevention Systems are extremely low- latency network infrastructure ensuring switch-like network performance.

The TippingPoint IPS is an active network defense system that uses the Threat Suppression Engine (TSE) to detect and respond to attacks. TippingPoint Intrusion Prevention Systems are optimized to provide high resiliency, high availability security for remote branch offices, small-to-medium and large enterprises and collocation facilities. Each TippingPoint can protect network segments from both external and internal attacks. TippingPoint Intrusion Prevention Systems are extremely low-latency network infrastructure ensuring switch-like network performance, even while under attack.

X-Series devices provide the following ethernet interfaces and traffic performance:

Table 1: X-Series System Performance

Model

Ethernet

Concurrent

IPS

Firewall

Triple DES

interfaces

sessions

Performance

Performance

 

 

 

 

 

 

 

 

 

 

 

 

 

 

X5, 25-user license

6 x 10/100

20,000

8 Mbps

50 Mbps

8 Mbps

 

 

 

 

 

 

X5, unlimited-user license

6 x 10/100

60,000

8Mbps

50 Mbps

8 Mbps

 

 

 

 

 

 

X505

4 x 10/100

130,000

50 Mbps

200 Mbps

50 Mbps

 

 

 

 

 

 

X506

6 x 10/100

130,000

50 Mbps

200 Mbps

50 Mbps

 

 

 

 

 

 

Threat Suppression Engine

The Threat Suppression Engine (TSE) is a highly specialized, hardware-based intrusion prevention platform consisting of state-of-the-art network processor technology and TippingPoint's own set of custom ASICs. The TSE is a line-speed, hardware engine that contains all the functions needed for Intrusion Prevention, including IP defragmentation, TCP flow reassembly, statistical analysis, traffic shaping, flow blocking, flow state tracking and application-layer parsing of over 170 network protocols.

The TSE reconstructs and inspects flow payloads by parsing the traffic at the application layer. As each new packet of the traffic flow arrives, the engine re-evaluates the traffic for malicious content. The instant the engine detects malicious traffic, it blocks all current and all subsequent packets pertaining to the traffic flow. The block of the traffic and packets ensures that the attack never reaches its destination.

The combination of high-speed network processors and custom ASIC chips provide the basis for IPS technology. These highly specialized traffic classification engines enable the IPS to filter with extreme accuracy at gigabit speeds and microsecond latencies. Unlike software-based systems whose performance is affected by the number of filters installed, the highly-scalable capacity of the hardware engine enables thousands of filters to run simultaneously with no impact on performance or accuracy.

Local Security Manager

The Local Security Manager (LSM) is responsible for local administration, configuration, and reporting for a single X-Series. Through the use of a graphical user interface (GUI), the LSM provides the interfaces, tools, and processes that configure and monitor the X-Series. The LSM provides a subset

4

X-Series Hardware Installation and Safety Guide V 2.5

Page 21 Page 23
Image 22
Page 21 Page 23
Contents Series Installation Safety Guide VersionCopyright 2006 3Com Corporation. All rights reserved Table of Contents Prepare the Site TippingPoint X505 OverviewIndex Page List of Figures Front PanelPage List of Tables List of Tables Overview About This GuideTarget Audience Organization About the GuideTypeface ConventionsHeadings Cross ReferencesTip Related Documentation Tmc.tippingpoint.comTable About 1 TippingPoint Documents Security Management System Online HelpContact Information Customer SupportTable About 2 Customer Support Information Location Xvi Overview TippingPoint X-Series OverviewTippingPoint X-Series Environment Core FunctionalitySecurity Zones and Network Interfaces Optimized VPN ConnectivityPolicy Enforcement TippingPoint IPSSeries System Performance Model Ethernet Concurrent Threat Suppression EngineLocal Security Manager Firewall Triple DES Interfaces Sessions PerformanceSecurity Management System Threat Management CenterOverview Series Hardware Installation and Safety Guide V Prepare the Site Safety Requirements Class a NoticesGeneral Guidelines Prepare the Site Safety Requirements Environmental Requirements Rack and Clearance RequirementsVentilation and Location Reliable EarthingUnpack the TippingPoint System To unpack the TippingPoint X-Series systemPage TippingPoint X505 Overview Port USB Chassis FeaturesChassis Overview PortColor State Description LEDsLED Descriptions Management Port LED DescriptionsHardware Specifications Technical SpecificationsTippingPoint X-Series X505 Specifications Description Technical Specifications Hardware Installation and ConfigurationSoftware Specifications Rack Space Requirements Install the TippingPoint ChassisMin/Max Number of Chassis Connect the power Complete Initial Setup ConfigurationConnect the X505 to the Internet Register the TippingPointTippingPoint X506 Overview Port Port Port Status LEDsTippingPoint X-Series X506 Specifications Description Segment Port LED DescriptionsTippingPoint X506 Hardware Specifications Detail Description Or = 42 RUs. Each TippingPoint X-Series X506 requires 1RU Connect the power Connect the X506 to the Internet Register the TippingPoint Port Connectors Figure a 1 RJ-45 ConnectorDB-9 Connector Pinout Table a 3 DB-9 Connector Pinouts Pin Number Signal NamePort Connectors Page Index Index Series Hardware Installation and Safety Guide V
Top Page Image Contents