H3C SecBlade Intrusion Prevention System

H3C SecBlade Intrusion Prevention System

1 Overview
The H3C SecBlade Intrusion Prevention System (IPS) is a high-performance intrusion
prevention module for H3C S5800/S7500E/S9500E/S12500 series switches and SR6600/SR8800
routers. Integrating such functions as intrusion detection, intrusion prevention, virus filtering, and
bandwidth management, it installs itself in the industry as the technology-leading integrated
intrusion detection/prevention system. It can perform Layer-4 to Layer-7 in-depth analysis and
detection, and therefore stop network attacks and abuses such as viruses, worms, Trojan horses,
spyware, and webpage tampering in real time. Hence, the H3C SecBlade IPS module provides
complete protection for network infrastructure, applications, and performance.
The SecBlade IPS module can integrate with the network infrastructure seamlessly. It features
plug-and-play installation, high scalability, low administration difficulty, and low maintenance cost.

Figure 1 SecBlade IPS module appearance

2 Features and Benefits

2.1 Powerful Intrusion Prevention Capability

The SecBlade IPS is the only product that integrates the vulnerability database, virus
definitions, and application protocol signature database in the industry. Together with H3C’s
proprietary technology Full Inspection with Rigorous State Test (FIRST), it can exactly identify and
prevent various network attacks and abuses. SecBlade IPS has passed the compatibility
authentication of Common Vulnerabilities and Exposures (CVE). It incorporates the top
achievements in system vulnerability and attack prevention research.

Hangzhou H3C Technologies Co., Ltd. www.h3c.com Page 1 of 5

 H3C SecBlade Intrusion Prevention System

2.2 Professional Virus Inspection and Killing

The SecBlade IPS is integrated with the KasperSky anti-virus engine and virus definitions. It
uses the most advanced anti-virus technologies in the world, including the second generation
heuristic code analysis method, the iChecker realtime monitoring technology, and the unique script
viruses blocking technology, and can therefore kill various file type viruses, network type viruses,
and hybrid viruses in real time. In addition, it incorporates the next generation virtual machine
unpack engine and behavior estimation technologies to kill derived viruses and unknown viruses
accurately.

2.3 Realtime Application Protection

The H3C Security Specialist Group always watches out for security vulnerability bulletins from
well-known security organizations and vendors around the globe. As soon as a security
vulnerability is spotted, the Group performs exact analysis in no time and provides signature
database updates for protection of operating systems, applications systems, and database systems
accordingly. H3C has passed Microsoft Active Protections Program (MAPP) authentication and can
get up-to-date vulnerability information from Microsoft early. Meanwhile, through the honeypot
systems deployed around the world, the Group keeps close track of all emerging attack techniques
and trends and issues signature database updates weekly or, for urgent cases, immediately. Users
can upgrade their SecBlade IPS modules automatically or manually, equipping their SecBlade IPS
modules with capability against the threats in time.

2.4 Network Infrastructure Protection

The SecBlade IPS module features powerful attack defense and traffic pattern self-learning
capabilities. When an attack occurs or the network traffic increases sharply in a short period, the
module can detect, identify, and block the attack or abnormal data flows immediately to protect the
network infrastructure devices such as the routers, switches, VoIP systems, DNS servers,
guaranteeing the operation of the key services.

2.5 Flexible Networking

The SecBlade IPS module can work in transparent mode and features plug-and-play
installation. It can be deployed in online mode or bypass mode. Integrated with rich networking
features, it can be used in complicated networking environments with MPLS, 802.1Q, QinQ, GRE,
and the like.

2.6 High Performance and High Reliability

With its industry-leading multi-core architecture and distributed search engine, the SecBlade
IPS module can provide in-depth detection and defense capabilities at wire speed, even in
Hangzhou H3C Technologies Co., Ltd. www.h3c.com Page 2 of 5
 H3C SecBlade Intrusion Prevention System

complicated application environments with various types of heavy traffic. The delay is at millisecond
level. SecBlade IPS modules can be embedded in switches and routers. This reduces single-point
failures effectively, ensuring that the network systems can provide services even after the modules
fail. The SecBlade IPS module can be deployed in bypass mode to provide IDS functions.

2.7 Low Operation Cost

The SecBlade IPS module can be inserted in an H3C S5800/S7500E/S9500E/S12500 switch

and SR6600/SR8800 routers to provide application layer security protection function. It shares the
management platform of the switch and router, reducing the management difficulty. In addition, it
can use any port of the switch and router, reducing both the initial investment and expansion cost.

3 Specifications
Item Description

H3C S5800/S7500E/S9500E/S12500 series Ethernet switches and

Applicable to
SR6600/SR8800 routers
 35×250×243mm ( 1.38 × 9.84 × 9.57 in.)(for S5800 series switches)
Dimensions (H × W × D)  40.1 × 399.2 × 376.5 mm (1.58 × 15.72 × 14.82 in.)(for
S7500E/S9500E/S12500 series switches and SR6600/SR8800 routers)

Operating temperature 0°C to 45°C (32°F to 113°F)

Operating humidity 10% to 95%, noncondensing

Worms, viruses, Trojan horses, backdoor programs, DoS/DDoS

Target network attack attacks, probing/scanning, spyware, Phishings, attacks exploiting
types vulnerabilities, SQL injection attacks, Buffer overflow attacks, protocol
abnormities, and IDS/IPS bypass attacks

P2P abuses (BitTorent, Thunder, eMule, and eDonkey)

Target network abuse
IM abuses (QQ, ICQ, and MSN)
types
Network video abuses, network games, and stock software

Unique integrated signature database, which combines the attack

signature database, anti-virus signature database, and protocol
Signature database signature database
Supporting both automatic upgrade and manual upgrade

Block, limit, TCP Reset, capture original packets, redirect, quarantine,

Response actions
record logs locally, send Email alarms, and report to syslog

Security policy Factory default security policies

management User-defined security policies

Attack logs
Attack logs query, export, and graphical reporting
management

Hangzhou H3C Technologies Co., Ltd. www.h3c.com Page 3 of 5

 H3C SecBlade Intrusion Prevention System

Item Description

Web (HTTP)
Management modes CLI (Telnet)
Supporting SNMPv3 and compatible with SNMPv2c and SNMPv1

4 Network Scenario

5 Ordering Options
Model Description Remarks

H3C S12500 Gigabit IPS module + one year

LS-LSTM1IPS1A1+1Y signature database upgrade + one year virus Required
definitions upgrade

H3C S7500E Gigabit IPS module + one year

LS-LSQM1IPSSC0+1Y signature database upgrade + one year virus Required
definitions upgrade

LS-LSRM1IPS1A1+1Y H3C S9500E Gigabit IPS module + one year

signature database upgrade + one year virus Required
definitions upgrade

Hangzhou H3C Technologies Co., Ltd. www.h3c.com Page 4 of 5

 H3C SecBlade Intrusion Prevention System

Model Description Remarks

LSWM1IPS10 H3C S5800 Series,IPS&AV Module Required

IM-IPS H3C SR8800 IPS module Required

RT-IPS+1Y-SR66 H3C SR6600 Gigabit IPS module+ one year Required

signature database upgrade + one year virus
definitions upgrade

SecBlade IPS module + one year signature database

LIS-SBIPS-SA-1Y Optional
upgrade + one year virus definitions upgrade

NSQM1IPSM H3C SecCenter Module-IPS Manager-Software(CD) Optional

H3C iMC SecCenter Module,IPS-D

NSQM1IPDM0 Optional
Manager,Software(CD)

Hangzhou H3C Technologies Co., Ltd. www.h3c.com Page 5 of 5