SonicWALL Intrusion Prevention Service

CHAPTER 47

Managing SonicWALL Intrusion Prevention Service

SonicWALL Intrusion Prevention Service

SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high-performance Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail, file transfer, Windows services and DNS. SonicWALL IPS is designed to protect against application vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The extensible signature language used in SonicWALL’s Deep Packet Inspection engine also provides proactive defense against newly discovered application and protocol vulnerabilities. SonicWALL IPS offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker attacks through SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA). Signature granularity allows SonicWALL IPS to detect and prevent attacks on a global, attack-group, or per-signature basis, providing maximum flexibility and control over false positives.

Note: Refer to the SonicWALL Intrusion Prevention Service Administrator’s Guide on the Resource CD or the SonicWALL documentation Web site at <http://www.sonicwall.com/services/documentation.html> for complete instructions.

SonicWALL IPS Features

High Performance Deep Packet Inspection Technology - SonicWALL’s Intrusion Prevention Service features a configurable, high-performance Deep Packet Inspection engine that uses parallel searching algorithms on incoming packets through the application layer to deliver increased attack prevention capabilities over those supplied by a traditional stateful packet inspection firewall. By performing all of the matching on packets, SonicWALL IPS eliminates the overhead of having to reassemble the data stream. Parallel processing reduces the impact on the processor and maximizes available memory for exceptional performance on SonicWALL security appliances.

Inter-Zone Intrusion Prevention - SonicWALL IPS provides an additional layer of protection against malicious threats by allowing administrators to enforce intrusion prevention not only between each network zone and the Internet, but also between internal network zones. This is performed by enabling intrusion prevention on inbound and outbound traffic between trusted zones (SonicOS Enhanced).

Extensive Signature Database - SonicWALL IPS utilizes an extensive database of over 1,700 attack and vulnerability signatures written to detect and prevent intrusions, worms, application exploits, as well as peer-to-peer and instant messaging traffic. The SonicWALL Deep Packet Inspection engine can also read signatures written in the popular Snort format, allowing SonicWALL to easily incorporate new signatures as they are published by third parties. SonicWALL

SONICWALL SONICOS STANDARD 3.0 ADMINISTRATORS GUIDE
