Datasheet

ManualsBrandsEnterasys ManualsNetworkingDSNSA7-FE100-TX

Page 1 of 6 • Data Sheet

Dragon

7 Network Intrusion Detection

and Prevention

• Stealth Network Intrusion Prevention appliances that stop

offenders from ever entering the network

• New industry-leading VoIP protocol decoders protect network from

DOS attacks

• High-speed Gigabit capacity for network defense

• Z e r o Day event detection using a comprehensive multi-method appro a c h

• Key component of Enterasys’ Dynamic Intrusion Response solution

Powerful Network Intrusion Defense

A sophisticated software- and appliance-

based network intrusion defense system,

the Dragon Network Sensor identifies

misuse and attacks across the network.

D r a g o n ’s advanced Intrusion Prevention

(IPS) technology is designed to block

attackers, mitigate denial of service attacks

and prevent information theft while

remaining totally invisible to the network.

Built upon Dragon’s award-winning Intrusion

Detection technology, the IPS will alert on

the attack, drop the offending packets,

terminate the session for TCP- and UDP-

based attacks, and dynamically establish

firewall rules that can keep the source of

the threat off the network indefinitely or

for a configurable period of time. Known

sources of attacks can be stopped from

ever entering the network by enabling

“Black Lists,” while key corporate resources

or trusted networks are always allowed to

pass via “White Lists.”

Dragon comes ready “out of the box” with

a large library of attacks it can be configured

to mitigate immediately. Dragon’s Network

IPS can leverage the thousands of vulner-

ability- and exploit-based signatures in

Dragon’s threat libraries as a basis for

network control and threat defense.

Dragon IPS is available only on currently

shipping Dragon appliances. However, it’s

important to note that almost all of the

Dragon IDS appliances can be converted

into IPS appliances by simply purchasing

an add-on license. Customers are not

required to buy all new appliances if they

want to specify certain ones for IPS. Dragon’s

IPS appliances ensure a high degree of

reliability and redundancy, including fail-

safe bypass options.

Placed at the network edge or at key

aggregation points, the Dragon Network

Sensor is unmatched in detecting security

events such as network misuse, network

intrusions, system exploits and virus or

spyware propagations. Dragon uses a

multimethod approach to identify attacks:

pattern matching, protocol analysis and

anomaly-based techniques. Application-

based event detection detects non-signa-

ture-based attacks against commonly

targeted applications including HTTP,

RPC and FTP.

With Dragon 7.2, industry-leading VOIP

protocol decoders are provided for SIP

and H.323, which can identify malformed

messages and prevent damaging DOS

attacks. Also with Dragon 7.2, a new

state-of-the-art signature language is

introduced, which provides the ability to

test arithmetical byte sequences, com-

bined with multiple pattern matches and

Perl Compatible Regular Expressions

while maintaining state. Thresholding can

now be done at the signature level and is

customizable for each virtual sensor.

Signatures continue to be in an open tun-

able XML based format.

• In-line Network Intrusion

Prevention appliances

— P r otects the network fro m

attackers and keeps them

f r om re t u rn i n g

• High performance

architecture

— Gigabit-speed performance

even with protocol

decoding, anomaly detec-

tion and pattern matchers,

active simultaneously

• Virtual Sensor support

— Allows one sensor to act

as multiple unique sensors

• Protocol decoding

— New VoIP decoders identify

attackers who hide an

attack within the protocol

• New state-of-the-art

signature language

— Incorporates regular

expressions, compound

pattern matchers, thresh-

olding and state tracking

• IDS/IPS Evasion Counter

Measures

— Identifies/blocks attackers

who attempt to evade

Dragon with fragmented

packets and stre a m s

• Dynamic response

— Enables Enterasys’ DIR;

supports provisioning

response actions in

firewalls, switches, routers

• Event sniping

— Terminates an attack

session via a TCP reset or

ICMP unreachable message

• Probe prevention

— Defeats scanning

techniques with false

responses

17079,9013766-4_Drag_NS_DS 1/25/06 4:36 PM Page 1

Summary of content (6 pages)

PAGE 1
7079,9013766-4_Drag_NS_DS 1/25/06 4:36 PM Page 1 Dragon® 7 Network Intrusion Detection and Prevention • In-line Network Intrusion Prevention appliances — Protects the network from attackers and keeps them from returning • High performance architecture — Gigabit-speed performance even with protocol decoding, anomaly detection and pattern matchers, active simultaneously • Virtual Sensor support — Allows one sensor to act as multiple unique sensors • Protocol decoding — New VoIP decoders identify attacke
PAGE 2
17079,9013766-4_Drag_NS_DS 1/25/06 4:36 PM Page 2 Additionally, many Dragon signatures and alert options are designed to detect Zero Day attacks. These multimethod detection techniques— combined with an extensive, frequently updated signature database and false positive tuning capabilities— ensure that no threat and policy violations go undetected. Dragon’s Adaptive Match Engine and multithreaded application gain significant performance through software.
PAGE 3
17079,9013766-4_Drag_NS_DS 1/25/06 4:36 PM Page 3 Specifications Technical Specifications IDS Software Dragon Network Sensor Software for Ethernet Part Numbers: DSNSS7-E Performance rating: 20 Mbps Dragon Network Sensor Software for Fast Ethern e t Part Numbers: DSNSS7-FE Performance rating: 200 Mbps Dragon Network Sensor Software for Gigabit Ethernet Part Numbers: DSNSS7-GE Performance rating: 1 Gbps or greater Network Sensor Software is supported on the following operating systems: Fedora Core, Redhat
PAGE 4
17079,9013766-4_Drag_NS_DS 1/25/06 4:36 PM Page 4 Specifications (continued) Agency and Standards Specifications Electromagnetic Compatibility (EMC) (Class A) Safety Argentina: IRAM Certificate Australia/New Zealand: ACA/MED (FE100 only) Belarus: Bellis Certificate (FE100 only) Canada: UL 60950 – CSA 60950 (UL and cUL) China: CNCA (FE100 only), GB4943 (CCC certification) Europe/CE Mark: EN60950 (complies with 73/23/EEC) Germany: GS License International: IEC60950 (CB Report and Certificate) Nordic Cou
PAGE 5
17079,9013766-4_Drag_NS_DS 1/25/06 4:36 PM Page 5 Ordering Information (continued) Network IPS Add-Ons to Existing Dragon IDS Appliances DSIPS7-FE100-TX Dragon IPS Add-on to FE100, includes copper fail-safe bypass dual-port network interface card DSIPS7-GE250-TX Dragon IPS Add-on to GE250, includes copper fail-safe bypass dual-port network interface card DSIPS7-GE250-SX Dragon IPS Add-on to GE250, includes fiber fail-safe bypass dual-port network interface card DSIPS7-GE500-TX Dragon IPS Add-on to GE500
PAGE 6
17079,9013766-4_Drag_NS_DS 1/25/06 4:36 PM Page 6 Warranty As a customer-centric company, Enterasys is committed to providing the best possible workmanship and design in our product set. The Dragon product family includes a ninety (90) day warranty for software that covers defects in media only, and a one (1) year warranty for hardware. Service and Support Enterasys understands that superior service and support is a critical component of Networks that Know.