McAfee IIP-S14C-NA-100I Product Guide - Page 9
CHAPTER 1 An introduction to IntruShield sensors

This section describes IntruShield sensors at a high level and also describes the I1400 in detail.

What is an IntruShield sensor?

IntruShield sensors are high-performance, scalable, and flexible content processing appliances built for the accurate detection and prevention of intrusions, misuse, and distributed denial of service (DDoS) attacks. IntruShield sensors are specifically designed to handle traffic at wire speed and to efficiently inspect and detect intrusions with a high degree of accuracy, and they are flexible enough to adapt to the security needs of any enterprise environment.

When deployed at key Network Access Points, an IntruShield sensor provides real-time traffic monitoring to detect malicious activity and responds to that activity as configured by the administrator.

Once deployed and once communication is established, sensors are configured and managed via the central IntruShield Security Manager (ISM) server. The process of configuring a sensor and establishing communication with the ISM is described in later chapters of this guide. The ISM server is described in detail in IntruShield Security Manager, Getting Started Guide.

Sensor functionality

The primary function of an IntruShield sensor is to analyze traffic on selected network segments and to respond when an attack is detected. The sensor examines the header and data portion of every network packet, looking for patterns and behavior in the network traffic that indicate malicious activity. The sensor examines packets according to user-configured policies, or rule sets, which determine what attacks to watch for and how to respond with countermeasures if an attack is detected.

If an attack is detected, a sensor responds according to its configured policy. Sensors can perform many types of attack responses, including generating alerts and packet logs, resetting TCP connections, "scrubbing" malicious packets, and even blocking attack packets entirely before they reach the intended target.

Sensor platforms

McAfee offers multiple sensor platforms providing different bandwidth and deployment strategies.