Chapter 1: Overview
The Stateful IP filtering provides service-level, stateful inspection of network traffic. It incorporates filtering functionality to protect mission-critical applications. An administrator can use firewalls and content filters that determines how the system handles traffic to and from a particular service. These filters are specified by the source, destination, and service or protocol of the traffic.
The X-Series is responsible for the host and service database used by TippingPoint. The X-Series scans your network and maintains an inventory of the active hosts and services on those hosts. System administrators can use information collected by the X-Series to tune attack and IP filters.
Core Functionality
The X-Series provides the following core functionality:
•Optimized VPN connectivity — The TippingPoint X-Series allows inspection and control of traffic both inside and outside of VPN tunnels.
•Enforcement of usage policies — The TippingPoint X-Series can be used to rate-limit applications, such as peer-to-peer file sharing applications, and includes an optimal Web Content Filter subscription service.
•Multicast applications — The TippingPoint X-Series prioritizes real-time traffic and provides secure connectivity for IP multicast traffic.
•Detection and suppression — Unlike an intrusion detection system (IDS), the X-Series identifies and stops malicious traffic on the edge of the network.
•Filter customization — Through IP filters, exceptions, and attack filter creation, you can customize TippingPoint to meet the specific needs of your enterprise.
•Real-time threat aggregation — The TMC collects threat information from throughout the world, converts it to attack filters, and distributes it to TippingPoint™ customers.
•Monitoring — Enterprise networks are in a constant state of change. Because enterprises regularly reconfigure and add new devices and services, TippingPoint monitors the network for these changes using network discovery.
The following sections describe each security application in more detail.
TippingPoint X-Series Environment
A single X-Series can be installed at the perimeter of your network, on your Intranet, or both.
All of the functionality of the X-Series runs directly on the device as the TippingPoint Operating System (TOS). The Local Security Manager (LSM) is a web-browser client for managing your X-Series that provides a graphical interface for on-the-box administration, configuration, and reporting. The LSM accesses the functionality of the X-Series TOS.
You can also access the functionality of the X-Series using the Command Line Interface (CLI). The CLI provides a command line interface for you to set values, run setup commands, and perform general functions. However, the LSM provides most of the advanced functionality, such as reporting and filter configuration.
The Security Management System (SMS) provides functionality beyond that provided by the LSM and CLI. The SMS enables you to manage not one but multiple X-Series devices. The SMS coordinates all X-
