Filter
Top Products
SONICWALL SONICOS STANDARD 3.0 ADMINISTRATOR’S GUIDE
285
SonicWALL Intrusion Prevention Service
C
HAPTER
47
Chapter 47: Managing SonicWALL
Intrusion Prevention Service
SonicWALL Intrusion Prevention Service
SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high performance
Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail,
file transfer, Windows services and DNS. SonicWALL IPS is designed to protect against application
vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The
extensible signature language used in SonicWALL’s Deep Packet Inspection engine also provides
proactive defense against newly discovered application and protocol vulnerabilities. SonicWALL IPS
offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker
attacks through SonicWALL’s industry-leading Distributed Enforcement Architecture (DEA). Signature
granularity allows SonicWALL IPS to detect and prevent attacks based on a global, attack group, or
per-signature basis to provide maximum flexibility and control false positives.
Note: Refer to the SonicWALL Intrusion Prevention Service Administrator’s Guide on the Resource
CD or the SonicWALL documentation Web site at <http://www.sonicwall.com/services/
documentation.html> for complete instructions.
SonicWALL IPS Features
• High Performance Deep Packet Inspection Technology - SonicWALL’s Intrusion Prevention
Service features a configurable, high-performance Deep Packet Inspection engine that uses paral-
lel searching algorithms on incoming packets through the application layer to deliver increased
attack prevention capabilities over those supplied by traditional stateful packet inspection firewall.
By performing all of the matching on packets, SonicWALL IPS eliminates the overhead of having
to reassemble the data stream. Parallel processing reduces the impact on the processor and max-
imizes available memory for exceptional performance on SonicWALL security appliances.
• Inter-Zone Intrusion Prevention - SonicWALL IPS provides an additional layer of protection
against malicious threats by allowing administrator’s to enforce intrusion prevention not only
between each network zone and the Internet, but also between internal network zones. This is per-
formed by enabling intrusion prevention on inbound and outbound traffic between trusted zones
(SonicOS Enhanced).
• Extensive Signature Database - SonicWALL IPS utilizes an extensive database of over 1,700
attack and vulnerability signatures written to detect and prevent intrusions, worms, application
exploits, as well as peer-to-peer and instant messaging traffic. The SonicWALL Deep Packet
Inspection engine can also read signatures written in the popular Snort format, allowing Son-
icWALL to easily incorporate new signatures as they are published by third parties. SonicWALL