Fine-Grained Access Controls
March 13, 2010
Implement Security Policy
· Create rules to enforce access control policy
· Control ports, protocols, and direction
· Implement policy schedule based on operational needs
• Limit exposure to application vulnerabilities
• Dynamically open and close networking ports
· Provide Forensic Information
• Monitor and log all network connections
· Provide In-Line Protection
• React and intervene against any rule violations
Stateful Inspection
· Inspect all packets against the rules for their protocol
• Network, transport, and application layer protocols (e.g. IP, TCP & UDP, FTP…)
• Validate packet and header size, content, addresses
· Track all connections to ensure adherence to protocol
• Establish state on connection based protocols
• FTP, RealAudio, PPTP, and MS-RPC
• Establish pseudo-state based on context for connection-less protocols
• UDP, DNS, GRE, ping, traceroute, and ICMP
· Benefits
• Ensures context of all traffic is genuine and timely
• Prevents a range of attacks, e.g., session hijack and piggyback attacks
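The two slides above (rule-based policy by port, protocol, direction and schedule, with logging; and stateful inspection with real state for TCP and pseudo-state for connection-less protocols) can be shown together in one toy filter. The following is an added example written for this page, not code from the slides or from any vendor's product: the `Packet`, `Rule` and `StatefulFilter` names, the 30-second pseudo-state timeout, the hour-of-day schedule on a rule, and all addresses, ports and traffic are constructed for illustration.

```python
# Added example (not from the slides): a toy stateful packet filter that applies
# rules by protocol, port, direction and time-of-day schedule, keeps handshake
# state for TCP and timed pseudo-state for UDP/ICMP, and logs every decision.
# All names, thresholds, addresses and traffic below are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the protected side, "in" = entering it
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int       # for icmp echo: put the echo identifier in both port fields
    dport: int
    flags: str = ""  # TCP flag letters, e.g. "S", "SA", "A", "R"
    ts: float = 0.0  # arrival time, seconds since midnight (toy clock)

@dataclass(frozen=True)
class Rule:
    action: str                              # "allow" or "deny"
    direction: str                           # "out", "in" or "any"
    proto: str                               # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None              # None = any destination port
    hours: Optional[Tuple[int, int]] = None  # (start, end) hour window; None = always

    def matches(self, p: Packet) -> bool:
        hour = int(p.ts // 3600) % 24        # the "policy schedule" part of the rule
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.hours is None or self.hours[0] <= hour < self.hours[1]))

# connection key: proto, initiator addr, responder addr, initiator port, responder port
Key = Tuple[str, str, str, int, int]

class StatefulFilter:
    PSEUDO_TIMEOUT = 30.0  # seconds a UDP/ICMP pseudo-state entry stays valid (assumed value)

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.table: Dict[Key, dict] = {}  # live connections and pseudo-connections
        self.log: List[str] = []          # one line per packet: the forensic record

    def _lookup(self, p: Packet) -> Tuple[Key, bool]:
        """Return p's connection key and whether p comes from the flow's initiator."""
        fwd = (p.proto, p.src, p.dst, p.sport, p.dport)
        rev = (p.proto, p.dst, p.src, p.dport, p.sport)
        if rev in self.table and fwd not in self.table:
            return rev, False
        return fwd, True

    def process(self, p: Packet) -> str:
        verdict = self._decide(p)
        self.log.append(f"{p.ts:8.1f} {p.direction:3} {p.proto:4} "
                        f"{p.src}:{p.sport}->{p.dst}:{p.dport} {p.flags or '-'} {verdict}")
        return verdict

    def _decide(self, p: Packet) -> str:
        key, from_initiator = self._lookup(p)
        entry = self.table.get(key)
        if entry and p.proto != "tcp" and p.ts - entry["last"] > self.PSEUDO_TIMEOUT:
            del self.table[key]   # stale pseudo-state: the reply is no longer timely
            entry = None
        if entry:
            if p.proto == "tcp":
                return self._tcp(key, entry, p, from_initiator)
            entry["last"] = p.ts
            return "allow"        # e.g. a DNS reply matching an outbound query
        # No state: a TCP segment that is not a SYN has no context and is dropped
        # (this is what defeats injected or hijacked segments); only a rule may open a flow.
        if p.proto == "tcp" and p.flags != "S":
            return "deny"
        for r in self.rules:      # first matching rule wins
            if r.matches(p):
                if r.action == "allow":
                    self.table[key] = {"state": "SYN_SENT" if p.proto == "tcp" else "PSEUDO",
                                       "last": p.ts}
                return r.action
        return "deny"             # default deny

    def _tcp(self, key: Key, entry: dict, p: Packet, from_initiator: bool) -> str:
        """Minimal handshake tracking: SYN_SENT -> SYN_RCVD -> ESTABLISHED."""
        state = entry["state"]
        if state == "SYN_SENT" and not from_initiator and p.flags == "SA":
            entry["state"] = "SYN_RCVD"
        elif state == "SYN_RCVD" and from_initiator and p.flags == "A":
            entry["state"] = "ESTABLISHED"
        elif state == "ESTABLISHED":
            if "R" in p.flags:
                del self.table[key]  # a reset tears the connection down
        else:
            return "deny"            # does not fit the handshake in progress
        entry["last"] = p.ts
        return "allow"

def run_filter_demo() -> Tuple[StatefulFilter, List[str]]:
    """Constructed traffic; returns the filter (for its log) and the verdict per packet."""
    fw = StatefulFilter([
        Rule("allow", "out", "tcp", 80),
        Rule("allow", "out", "udp", 53),
        Rule("allow", "in", "tcp", 25),
        Rule("allow", "in", "tcp", 3389, hours=(8, 18)),  # remote admin only in business hours
    ])
    c, s, d, a = "10.0.0.5", "203.0.113.10", "203.0.113.53", "198.51.100.7"
    pkts = [
        Packet("out", "tcp", c, s, 40000, 80, "S", 0.0),          # handshake opens
        Packet("in", "tcp", s, c, 80, 40000, "SA", 0.1),
        Packet("out", "tcp", c, s, 40000, 80, "A", 0.2),          # established
        Packet("in", "tcp", s, c, 80, 40000, "A", 0.3),           # data from the server
        Packet("in", "tcp", a, c, 80, 40000, "A", 0.4),           # injected segment, no state
        Packet("out", "udp", c, d, 5353, 53, "", 1.0),            # DNS query: pseudo-state
        Packet("in", "udp", d, c, 53, 5353, "", 1.05),            # timely reply
        Packet("in", "udp", d, c, 53, 5353, "", 60.0),            # late reply: pseudo-state expired
        Packet("in", "tcp", a, c, 5555, 25, "S", 2.0),            # inbound SMTP permitted by rule
        Packet("in", "tcp", a, c, 5555, 22, "S", 2.0),            # inbound SSH: no rule
        Packet("in", "tcp", a, c, 6000, 3389, "S", 9 * 3600.0),   # inside the schedule window
        Packet("in", "tcp", a, c, 6001, 3389, "S", 22 * 3600.0),  # outside the schedule window
    ]
    return fw, [fw.process(p) for p in pkts]

if __name__ == "__main__":
    fw, verdicts = run_filter_demo()
    print("\n".join(fw.log))
```

Running the script prints the per-packet log. The injected ACK (packet 5) is dropped because no connection matches it, even though the destination port would be reachable for a genuine flow; the late DNS reply is dropped because its pseudo-state has aged out, which is the "timely" half of the stateful-inspection benefit listed above.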
Active Intrusion Prevention
· Stop malicious incoming network traffic in real-time
· In-line detection and intervention against:
• Known attack signatures
• Suspicious activity signatures
• Rate-based attacks like port scans or SYN floods
· Integrated with packet filter/access control
• Real-time reaction to intrusions
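Rate-based detection of port scans and SYN floods, with the in-line reaction the slide describes, can be shown with two sliding windows: distinct destination ports per source, and SYNs per destination. The following is an added example written for this page, not code from the slides or from any product: the `RateDetector` class, the one-second window, the thresholds of 10 ports and 100 SYNs, and all addresses and traffic are constructed assumptions.

```python
# Added example (not from the slides): sliding-window, rate-based detection of
# port scans and SYN floods with in-line intervention. The class, thresholds,
# addresses and traffic below are constructed for illustration.
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Set, Tuple

@dataclass(frozen=True)
class Syn:
    ts: float    # seconds
    src: str
    dst: str
    dport: int

class RateDetector:
    def __init__(self, window: float = 1.0, scan_ports: int = 10, flood_syns: int = 100):
        self.window = window
        self.scan_ports = scan_ports   # distinct destination ports from one source per window
        self.flood_syns = flood_syns   # SYNs toward one destination per window
        self.recent_by_src: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)
        self.recent_by_dst: Dict[str, Deque[float]] = defaultdict(deque)
        self.blocked: Set[str] = set()  # sources cut off after a detected scan
        self.alerts: List[str] = []

    def _evict(self, q, now: float, key=lambda x: x) -> None:
        """Drop entries older than the window from the front of a time-ordered deque."""
        while q and now - key(q[0]) > self.window:
            q.popleft()

    def observe(self, s: Syn) -> str:
        """Return "pass" or "drop" for one inbound SYN, updating both windows."""
        if s.src in self.blocked:
            return "drop"
        by_src = self.recent_by_src[s.src]
        by_src.append((s.ts, s.dport))
        self._evict(by_src, s.ts, key=lambda e: e[0])
        if len({port for _, port in by_src}) >= self.scan_ports:
            self.alerts.append(f"{s.ts:.2f} port scan from {s.src}: source blocked")
            self.blocked.add(s.src)    # reaction: the access-control state changes in real time
            return "drop"
        by_dst = self.recent_by_dst[s.dst]
        by_dst.append(s.ts)
        self._evict(by_dst, s.ts)
        if len(by_dst) > self.flood_syns:
            if len(by_dst) == self.flood_syns + 1:   # alert once per burst, not per packet
                self.alerts.append(f"{s.ts:.2f} SYN flood toward {s.dst}: rate limiting")
            return "drop"   # excess SYNs are dropped; sources may be spoofed, so no per-source block
        return "pass"

def run_rate_demo() -> Dict[str, object]:
    """Constructed traffic: a port scan, a SYN flood, then a normal client."""
    det = RateDetector()
    counts = {"scan_pass": 0, "scan_drop": 0, "flood_pass": 0, "flood_drop": 0, "benign_pass": 0}
    for i in range(15):    # one host probing 15 ports within 150 ms
        v = det.observe(Syn(i * 0.01, "198.51.100.7", "10.0.0.5", 1 + i))
        counts["scan_pass" if v == "pass" else "scan_drop"] += 1
    for j in range(120):   # 120 SYNs to one web server within half a second, many sources
        v = det.observe(Syn(10.0 + j * 0.004, f"203.0.113.{j % 50}", "10.0.0.5", 80))
        counts["flood_pass" if v == "pass" else "flood_drop"] += 1
    for k in range(3):     # an ordinary client much later is unaffected
        if det.observe(Syn(100.0 + k, "10.0.0.9", "10.0.0.5", 80)) == "pass":
            counts["benign_pass"] += 1
    counts["alerts"] = list(det.alerts)
    return counts

if __name__ == "__main__":
    for k, v in run_rate_demo().items():
        print(k, v)
```

The two reactions differ on purpose: a scanning source is identifiable and can be blocked, whereas SYN-flood sources are commonly spoofed, so the sensible in-line response is to shed the excess toward the victim rather than to block addresses that may belong to nobody.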