Chapter 1: Overview
The TippingPoint IPS is designed to handle the extremely high demands of carriers and high-density data centers. Even while under attack, TippingPoint Intrusion Prevention Systems are extremely low- latency network infrastructure ensuring switch-like network performance.
The TippingPoint IPS is an active network defense system that uses the Threat Suppression Engine (TSE) to detect and respond to attacks. TippingPoint Intrusion Prevention Systems are optimized to provide high resiliency, high availability security for remote branch offices, small-to-medium and large enterprises and collocation facilities. Each TippingPoint can protect network segments from both external and internal attacks. TippingPoint Intrusion Prevention Systems are extremely low-latency network infrastructure ensuring switch-like network performance, even while under attack.
X-Series devices provide the following ethernet interfaces and traffic performance:
Table 1: X-Series System Performance
| Model | Ethernet | Concurrent | IPS | Firewall | Triple DES |
| interfaces | sessions | Performance | Performance |
| | |
| | | | | | |
| | | | | | |
| X5, 25-user license | 6 x 10/100 | 20,000 | 8 Mbps | 50 Mbps | 8 Mbps |
| | | | | | |
| X5, unlimited-user license | 6 x 10/100 | 60,000 | 8Mbps | 50 Mbps | 8 Mbps |
| | | | | | |
| X505 | 4 x 10/100 | 130,000 | 50 Mbps | 200 Mbps | 50 Mbps |
| | | | | | |
| X506 | 6 x 10/100 | 130,000 | 50 Mbps | 200 Mbps | 50 Mbps |
| | | | | | |
Threat Suppression Engine
The Threat Suppression Engine (TSE) is a highly specialized, hardware-based intrusion prevention platform consisting of state-of-the-art network processor technology and TippingPoint's own set of custom ASICs. The TSE is a line-speed, hardware engine that contains all the functions needed for Intrusion Prevention, including IP defragmentation, TCP flow reassembly, statistical analysis, traffic shaping, flow blocking, flow state tracking and application-layer parsing of over 170 network protocols.
The TSE reconstructs and inspects flow payloads by parsing the traffic at the application layer. As each new packet of the traffic flow arrives, the engine re-evaluates the traffic for malicious content. The instant the engine detects malicious traffic, it blocks all current and all subsequent packets pertaining to the traffic flow. The block of the traffic and packets ensures that the attack never reaches its destination.
The combination of high-speed network processors and custom ASIC chips provide the basis for IPS technology. These highly specialized traffic classification engines enable the IPS to filter with extreme accuracy at gigabit speeds and microsecond latencies. Unlike software-based systems whose performance is affected by the number of filters installed, the highly-scalable capacity of the hardware engine enables thousands of filters to run simultaneously with no impact on performance or accuracy.
Local Security Manager
The Local Security Manager (LSM) is responsible for local administration, configuration, and reporting for a single X-Series. Through the use of a graphical user interface (GUI), the LSM provides the interfaces, tools, and processes that configure and monitor the X-Series. The LSM provides a subset
