735
SonicOS Enhanced 4.0 Administrator Guide
CHAPTER 58
Chapter 58: Activating Intrusion Prevention Service
Security Services > Intrusion Prevention Service
SonicWALL Intrusion Prevention Service (SonicWALL IPS) delivers a configurable, high
performance Deep Packet Inspection engine for extended protection of key network services
such as Web, e-mail, file transfer, Windows services and DNS. SonicWALL IPS is designed to
protect against application vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware
and backdoor exploits. The extensible signature language used in SonicWALL’s Deep Packet
Inspection engine also provides proactive defense against newly discovered application and
protocol vulnerabilities. SonicWALL IPS offloads the costly and time-consuming burden of
maintaining and updating signatures for new hacker attacks through SonicWALL’s industry-
leading Distributed Enforcement Architecture (DEA). Signature granularity allows SonicWALL
IPS to detect and prevent attacks based on a global, attack group, or per-signature basis to
provide maximum flexibility and control false positives.
SonicWALL Deep Packet Inspection
Deep Packet Inspection looks at the data portion of the packet. The Deep Packet Inspection
technology includes intrusion detection and intrusion prevention. Intrusion detection finds
anomalies in the traffic and alerts the administrator. Intrusion prevention finds the anomalies in
the traffic and reacts to it, preventing the traffic from passing through.
Deep Packet Inspection is a technology that allows a SonicWALL Security Appliance to classify
passing traffic based on rules. These rules include information about layer 3 and layer 4 content
of the packet as well as the information that describes the contents of the packet’s payload,
including the application data (for example, an FTP session, an HTTP Web browser session,
or even a middleware database connection). This technology allows the administrator to detect
and log intrusions that pass through the SonicWALL Security Appliance, as well as prevent
them (i.e. dropping the packet or resetting the TCP connection). SonicWALL’s Deep Packet
Inspection technology also correctly handles TCP fragmented byte stream inspection as if no
TCP fragmentation has occurred.