POSTED ON: 11/11/2011
Annexure V: IPS (Intrusion Prevention System)

Features / Compliance (Yes/No)

1. IPS should be available as a plug-n-play appliance.
2. Should support open source as the underlying operating system (not a proprietary OS).
3. Monitoring interfaces should operate at layer 2, thus requiring no IP address or network reconfiguration.
4. To get a layered approach to security, the firewall and IPS should be of different brands.
5. The appliance should have Layer 7 inspected throughput of 200 Mbps.
6. Should not induce latency into the network of more than 150 microseconds.
7. The appliance monitors up to 1 inline segment and has 2 10/100/1000 monitoring interfaces for the same.
8. IPS should have 21,000 new connections per second.
9. IPS should have 1,200,000 concurrent sessions.
10. The appliance should have a separate dedicated 10/100/1000 Mbps interface for the management console. None of the monitoring ports should be used for this purpose.
11. The IPS should be deployable in the following modes: Passive or IDS mode, Inline Protection, Inline Simulation.
12. IPS vendor should have its own original threat intelligence analysis center and not be overly dependent on information available in the public domain.
13. IPS should detect and block all known, high risk exploits along with their underlying vulnerability (not just one exploit of that vulnerability).
14. IPS should detect and block zero-day attacks without requiring an update.
15. IPS should employ full seven-layer protocol analysis of over 190 internet protocols and data file formats.
16. IPS should operate effectively and protect against high risk, high impact malicious traffic via default out-of-box configuration, and should be able to block more than 1100 attacks by default.
17. IPS should perform stateful packet inspection.
18. IPS should detect and block malicious web traffic on any port.
19. Should support TCP stream reassembly.
20. Should support IP defragmentation.
21. Should support protocol anomaly detection.
22. Should support bi-directional inspection.
23. Should detect attacks within protocols independent of port used.
24. Should support behavioral heuristics to detect security threats.
25. Should support Shell Code Heuristic.
26. Should support RFC Compliance.
27. Should support protocol tunneling.
28. IPS should do attack recognition inside IPv6 encapsulated packets.
29. IPS should do active blocking of traffic based on pre-defined rules to thwart attacks before any damage is done.
30. Accurately detects intrusion attempts and discerns between the various types and risk levels, including unauthorized access attempts, pre-attack probes, suspicious activity, DoS, DDoS, vulnerability exploitation, brute force, hybrids, and zero-day attacks.
31. Allows full policy configuration and IPS sensor control via encrypted communications with the remote management system.
32. Can enable/disable each individual signature.
33. Each signature should allow granular tuning.
34. Supports assigning of ports to custom applications.
35. Filters traffic based on IP address or network range, protocol, and service in support of organizational security policy to allow/disallow specific types of activity between hosts.
36. Should support Active/Passive and Active/Active for the appliance; the HA should be an out-of-the-box solution and should not require any third party or additional software for the same.
37. HA solution should support High Protection, that is, it should maintain state such that there is no gap in protection during failure of one of the appliances.
38. IPS should fail open in case of power, software or hardware failure when deployed in stand-alone mode.
39. IPS should notify the console of unit interruption. The console should receive an alert and/or provide additional notification to the administrator should any component become non-operational or experience a communications problem.
40. IPS should have a built-in ticketing system.
41. IPS should inspect and block unwanted PII and sensitive content disclosure across multiple protocols. The IPS should have inbuilt signatures for this purpose.
42. IPS management and reporting solution shall be available in both options of purpose-built appliance and software.
43. IPS management console should support high availability.
44. IPS should support granular management. Should allow policy to be assigned per device, port, VLAN tag, IP address/range.
45. IPS centralized management console should manage all the products: network, host and Vulnerability Assessment solutions.
46. Management console should be able to integrate and correlate with the vulnerability assessment solution of the same brand.
47. IPS should offer a variety of built-in responses including console alerts, database logging, email notifications, SNMP traps, offending packet captures, and packet captures.
48. IPS should offer built-in reports. The console should be capable of producing graphical metrics and time-based comparison reporting.
49. IPS vendor should have 24/7 security service update and should support real-time signature update.
50. IPS vendor product models should have been tested/certified for NSS, Tolly tested and ICSA.