Академический Документы
Профессиональный Документы
Культура Документы
1 Overview
The H3C SecBlade Intrusion Prevention System (IPS) is a high-performance intrusion
prevention module for H3C S5800/S7500E/S9500E/S12500 series switches and SR6600/SR8800
routers. Integrating such functions as intrusion detection, intrusion prevention, virus filtering, and
bandwidth management, it installs itself in the industry as the technology-leading integrated
intrusion detection/prevention system. It can perform Layer-4 to Layer-7 in-depth analysis and
detection, and therefore stop network attacks and abuses such as viruses, worms, Trojan horses,
spyware, and webpage tampering in real time. Hence, the H3C SecBlade IPS module provides
complete protection for network infrastructure, applications, and performance.
The SecBlade IPS module can integrate with the network infrastructure seamlessly. It features
plug-and-play installation, high scalability, low administration difficulty, and low maintenance cost.
The SecBlade IPS is the only product that integrates the vulnerability database, virus
definitions, and application protocol signature database in the industry. Together with H3C’s
proprietary technology Full Inspection with Rigorous State Test (FIRST), it can exactly identify and
prevent various network attacks and abuses. SecBlade IPS has passed the compatibility
authentication of Common Vulnerabilities and Exposures (CVE). It incorporates the top
achievements in system vulnerability and attack prevention research.
The SecBlade IPS is integrated with the KasperSky anti-virus engine and virus definitions. It
uses the most advanced anti-virus technologies in the world, including the second generation
heuristic code analysis method, the iChecker realtime monitoring technology, and the unique script
viruses blocking technology, and can therefore kill various file type viruses, network type viruses,
and hybrid viruses in real time. In addition, it incorporates the next generation virtual machine
unpack engine and behavior estimation technologies to kill derived viruses and unknown viruses
accurately.
The H3C Security Specialist Group always watches out for security vulnerability bulletins from
well-known security organizations and vendors around the globe. As soon as a security
vulnerability is spotted, the Group performs exact analysis in no time and provides signature
database updates for protection of operating systems, applications systems, and database systems
accordingly. H3C has passed Microsoft Active Protections Program (MAPP) authentication and can
get up-to-date vulnerability information from Microsoft early. Meanwhile, through the honeypot
systems deployed around the world, the Group keeps close track of all emerging attack techniques
and trends and issues signature database updates weekly or, for urgent cases, immediately. Users
can upgrade their SecBlade IPS modules automatically or manually, equipping their SecBlade IPS
modules with capability against the threats in time.
The SecBlade IPS module features powerful attack defense and traffic pattern self-learning
capabilities. When an attack occurs or the network traffic increases sharply in a short period, the
module can detect, identify, and block the attack or abnormal data flows immediately to protect the
network infrastructure devices such as the routers, switches, VoIP systems, DNS servers,
guaranteeing the operation of the key services.
The SecBlade IPS module can work in transparent mode and features plug-and-play
installation. It can be deployed in online mode or bypass mode. Integrated with rich networking
features, it can be used in complicated networking environments with MPLS, 802.1Q, QinQ, GRE,
and the like.
With its industry-leading multi-core architecture and distributed search engine, the SecBlade
IPS module can provide in-depth detection and defense capabilities at wire speed, even in
Hangzhou H3C Technologies Co., Ltd. www.h3c.com Page 2 of 5
H3C SecBlade Intrusion Prevention System
complicated application environments with various types of heavy traffic. The delay is at millisecond
level. SecBlade IPS modules can be embedded in switches and routers. This reduces single-point
failures effectively, ensuring that the network systems can provide services even after the modules
fail. The SecBlade IPS module can be deployed in bypass mode to provide IDS functions.
3 Specifications
Item Description
Attack logs
Attack logs query, export, and graphical reporting
management
Item Description
Web (HTTP)
Management modes CLI (Telnet)
Supporting SNMPv3 and compatible with SNMPv2c and SNMPv1
4 Network Scenario
5 Ordering Options
Model Description Remarks