McAfee IIP-S14C-NA-100I Product Guide - Page 9



CHAPTER 1

An introduction to IntruShield sensors

This section describes IntruShield sensors at a high level and also describes the I-1400 in detail.

What is an IntruShield sensor?

IntruShield sensors are high-performance, scalable, and flexible content-processing appliances built for the accurate detection and prevention of intrusions, misuse, and distributed denial of service (DDoS) attacks.

IntruShield sensors are designed to handle traffic at wire speed, to inspect traffic and detect intrusions efficiently and with a high degree of accuracy, and to be flexible enough to adapt to the security needs of any enterprise environment. When deployed at key network access points, an IntruShield sensor provides real-time traffic monitoring to detect malicious activity and responds to that activity as configured by the administrator.

Once deployed and once communication is established, sensors are configured and managed via the central IntruShield Security Manager (ISM) server.

The process of configuring a sensor and establishing communication with the ISM is described in later chapters of this guide. The ISM server is described in detail in the IntruShield Security Manager Getting Started Guide.

Sensor functionality

The primary function of an IntruShield sensor is to analyze traffic on selected network segments and to respond when an attack is detected. The sensor examines the header and data portion of every network packet, looking for patterns and behavior in the network traffic that indicate malicious activity. The sensor examines packets according to user-configured policies, or rule sets, which determine what attacks to watch for and how to respond with countermeasures if an attack is detected.

If an attack is detected, a sensor responds according to its configured policy. Sensors can perform many types of attack responses, including generating alerts and packet logs, resetting TCP connections, "scrubbing" malicious packets, and even blocking attack packets entirely before they reach the intended target.
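The inspect-then-respond loop described in this section, as an added example that is not McAfee's code and not part of the product guide: a constructed, deliberately simplified Python model that decodes the header portion of a raw IPv4/TCP packet, applies a small user-defined rule set to header fields and payload, and returns the configured response (alert, log, scrub, reset, drop). The packet builder, the rule names, the patterns, the sample packets and the severity ordering are all assumptions made for the example; a real sensor additionally reassembles fragments and streams, normalizes application protocols and tracks connection state, none of which is modelled here.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Responses named in the guide, ordered by severity (ordering is an assumption of this example):
# when several rules fire on one packet, the most severe response is the verdict.
SEVERITY = {"none": 0, "alert": 1, "log": 2, "scrub": 3, "reset": 4, "drop": 5}

@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    payload: bytes

def parse_ipv4_tcp(raw: bytes) -> Packet:
    """Decode the header portion of a raw IPv4 packet and split off the TCP payload.
    Simplified: no fragment reassembly, IPv6, checksum checks or TCP option parsing."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or ihl < 20 or ihl > total_len or total_len > len(raw):
        raise ValueError("malformed IPv4 header")
    src_s, dst_s = ".".join(map(str, src)), ".".join(map(str, dst))
    if proto != 6:                       # non-TCP: expose the raw IP payload only
        return Packet(src_s, dst_s, proto, 0, 0, raw[ihl:total_len])
    tcp = raw[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4     # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("malformed TCP header")
    return Packet(src_s, dst_s, proto, sport, dport, tcp[data_off:])

@dataclass
class Rule:
    """One entry of a user-configured policy: what to look for and how to respond."""
    name: str
    response: str                     # a key of SEVERITY
    proto: Optional[int] = None       # header condition: IP protocol number
    dport: Optional[int] = None       # header condition: TCP destination port
    pattern: Optional[bytes] = None   # data condition: bytes that must appear in the payload

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.pattern is not None and self.pattern not in pkt.payload:
            return False
        return True

def inspect(pkt: Packet, policy: List[Rule]) -> Tuple[str, List[str], bytes]:
    """Apply every rule to the packet. Returns (most severe response, names of rules that fired,
    payload to forward). A "scrub" overwrites the matched bytes with zeros of the same length,
    so the TCP sequence numbers of the stream stay consistent for the endpoints."""
    verdict, fired, payload = "none", [], pkt.payload
    for rule in policy:
        if not rule.matches(pkt):
            continue
        fired.append(rule.name)
        if rule.response == "scrub" and rule.pattern:
            payload = payload.replace(rule.pattern, b"\x00" * len(rule.pattern))
        if SEVERITY[rule.response] > SEVERITY[verdict]:
            verdict = rule.response
    return verdict, fired, payload

# Constructed policy for the example (not a McAfee signature set).
POLICY = [
    Rule("telnet-to-server", "alert", proto=6, dport=23),
    Rule("http-dir-traversal", "drop", proto=6, dport=80, pattern=b"../../"),
    Rule("smtp-test-marker", "scrub", proto=6, dport=25, pattern=b"EVIL"),
]

def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int, payload: bytes) -> bytes:
    """Construct a raw IPv4/TCP packet for the example (checksums left as zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return ip + tcp

def run_example() -> List[Tuple[str, str, List[str]]]:
    """Run constructed sample packets through POLICY; returns (label, verdict, rules fired)."""
    samples = [
        ("traversal", build_ipv4_tcp("10.0.0.5", "10.0.0.80", 40000, 80, 0x18, b"GET /../../etc/passwd HTTP/1.0\r\n")),
        ("telnet-syn", build_ipv4_tcp("10.0.0.5", "10.0.0.23", 40001, 23, 0x02, b"")),
        ("smtp", build_ipv4_tcp("10.0.0.5", "10.0.0.25", 40002, 25, 0x18, b"MAIL FROM:<EVIL@example>\r\n")),
        ("clean", build_ipv4_tcp("10.0.0.5", "10.0.0.44", 40003, 443, 0x18, b"\x16\x03\x01")),
    ]
    results = []
    for label, raw in samples:
        verdict, fired, _ = inspect(parse_ipv4_tcp(raw), POLICY)
        results.append((label, verdict, fired))
    return results

if __name__ == "__main__":
    for label, verdict, fired in run_example():
        print(f"{label:10s} -> {verdict:6s} {fired}")
```

Two details carry over to real deployments: the parser rejects malformed headers before any rule runs, because an inline device that trusts a bogus IHL or data offset can be made to misread the payload boundary and miss a pattern; and the scrub keeps the payload length unchanged, since an inline sensor that shortens a TCP segment without rewriting sequence numbers corrupts the stream for both endpoints.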
Sensor platforms

McAfee offers multiple sensor platforms providing different bandwidth and deployment strategies.
1