
Security Services > Intrusion Prevention Service

ADTRAN Intrusion Prevention Service (ADTRAN IPS) delivers a configurable, high performance Deep Packet Inspection engine for extended protection of key network services such as Web, e-mail, file transfer, Windows services and DNS. ADTRAN IPS is designed to protect against application vulnerabilities as well as worms, Trojans, and peer-to-peer, spyware and backdoor exploits. The extensible signature language used in ADTRAN’s Deep Packet Inspection engine also provides proactive defense against newly discovered application and protocol vulnerabilities. ADTRAN IPS offloads the costly and time-consuming burden of maintaining and updating signatures for new hacker attacks through ADTRAN’s industry-leading Distributed Enforcement Architecture (DEA). Signature granularity allows ADTRAN IPS to detect and prevent attacks based on a global, attack group, or per-signature basis to provide maximum flexibility and control false positives.

ADTRAN Deep Packet Inspection

Deep Packet Inspection looks at the data portion of the packet. The Deep Packet Inspection technology includes intrusion detection and intrusion prevention. Intrusion detection finds anomalies in the traffic and alerts the administrator. Intrusion prevention finds the anomalies in the traffic and reacts to them, preventing the traffic from passing through.

Deep Packet Inspection is a technology that allows a firewall to classify passing traffic based on rules. These rules include information about the layer 3 and layer 4 content of the packet as well as information that describes the contents of the packet’s payload, including the application data (for example, an FTP session, an HTTP Web browser session, or even a middleware database connection). This technology allows the administrator to detect and log intrusions that pass through the firewall, as well as prevent them (i.e., by dropping the packet or resetting the TCP connection). ADTRAN’s Deep Packet Inspection technology also correctly inspects a byte stream that has been fragmented across TCP segments, as if no TCP fragmentation had occurred.

How ADTRAN’s Deep Packet Inspection Works

Deep Packet Inspection technology enables the firewall to investigate farther into the protocol to examine information at the application layer and defend against attacks targeting application vulnerabilities. This is the technology behind ADTRAN Intrusion Prevention Service. ADTRAN’s Deep Packet Inspection technology enables dynamic signature updates pushed from the ADTRAN Distributed Enforcement Architecture.

The following steps describe how the ADTRAN Deep Packet Inspection Architecture works:

Step 1
The Pattern Definition Language Interpreter uses signatures that can be written to detect, and prevent, both known and unknown protocols, applications, and exploits.
Step 2
TCP packets arriving out of order are reassembled by the Deep Packet Inspection framework.
Step 3
Deep Packet Inspection engine preprocessing normalizes the packet’s payload. For example, an HTTP request may be URL encoded, so the request is URL decoded before pattern matching is performed on the payload.
Step 4
Deep Packet Inspection engine postprocessors take action on the packet: pass it without modification, drop it, or reset the TCP connection.
Step 5
ADTRAN’s Deep Packet Inspection framework supports complete signature matching across TCP fragments without performing any reassembly (unless the packets are out of order). This results in more efficient use of processor and memory for greater performance.
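As an added illustration of Steps 2 through 5 (not ADTRAN code; the signatures, actions and HTTP request are constructed for this example), the following Python model reorders out-of-order TCP segments, URL-decodes the payload before matching, and finds a signature that straddles a segment boundary by carrying only a short tail of normalized bytes rather than reassembling the stream:

```python
from urllib.parse import unquote_to_bytes
# Step 1: signatures as (name, pattern, action). Constructed for this
# example; not ADTRAN's Pattern Definition Language.
SIGNATURES = [
    ("http-dir-traversal", b"../../", "drop"),
    ("http-cmd-shell", b"cmd.exe", "reset"),
]
ACTION_RANK = {"pass": 0, "drop": 1, "reset": 2}

def normalize(raw: bytes) -> bytes:
    """Step 3: URL-decode and lower-case so '%2E%2e/' matches '../'."""
    return unquote_to_bytes(raw).lower()

class StreamInspector:
    """Inspects one TCP direction segment by segment, never reassembling the whole stream."""

    def __init__(self, first_seq: int, signatures=SIGNATURES):
        self.signatures = signatures
        self.next_seq = first_seq
        self.pending = {}   # Step 2: out-of-order segments, keyed by sequence number
        self.carry = b""    # a %xx escape cut in two by a segment boundary
        self.tail = b""     # Step 5: only the last (max pattern length - 1) normalized bytes
        self.tail_len = max(len(p) for _, p, _ in signatures) - 1
        self.alerts = []

    def segment(self, seq: int, payload: bytes) -> str:
        """Feed one segment; return the Step 4 verdict (pass/drop/reset) for the stream so far."""
        self.pending[seq] = payload
        verdict = "pass"
        while self.next_seq in self.pending:   # release every segment that is now contiguous
            data = self.pending.pop(self.next_seq)
            self.next_seq += len(data)
            verdict = max(verdict, self._inspect(data), key=ACTION_RANK.get)
        return verdict

    def _inspect(self, data: bytes) -> str:
        raw = self.carry + data
        cut = raw.rfind(b"%", max(len(raw) - 2, 0))   # a '%' in the last two bytes is incomplete
        self.carry, raw = (raw[cut:], raw[:cut]) if cut != -1 else (b"", raw)
        window = self.tail + normalize(raw)
        verdict = "pass"
        for name, pattern, action in self.signatures:
            idx = window.find(pattern)
            while idx != -1:
                if idx + len(pattern) > len(self.tail):   # ends in new data, so not already reported
                    self.alerts.append(name)
                    verdict = max(verdict, action, key=ACTION_RANK.get)
                idx = window.find(pattern, idx + 1)
        self.tail = window[-self.tail_len:] if self.tail_len else b""
        return verdict

def run_demo():
    """Constructed request, split so one escape and one pattern straddle segment boundaries."""
    request = b"GET /scripts/%2e%2e/%2e%2e/winnt/system32/cmd.exe?/c+dir HTTP/1.1\r\n"
    base, bounds = 1000, (0, 15, 44, len(request))   # cut inside '%2e' and inside 'cmd.exe'
    segments = [(base + s, request[s:e]) for s, e in zip(bounds, bounds[1:])]
    insp = StreamInspector(first_seq=base)
    verdicts = [insp.segment(*segments[i]) for i in (2, 0, 1)]   # last segment arrives first
    return verdicts, insp.alerts
```

The out-of-order third segment yields a pass verdict while it waits; once the gap is filled, both signatures fire even though the traversal escape and the executable name each span two segments.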

ADTRAN IPS Terminology

 
Stateful Packet Inspection - looking at the header of the packet to control access based on port, protocol, and IP address.

Deep Packet Inspection - looking at the data portion of the packet. Enables the firewall to investigate farther into the protocol to examine information at the application layer and defend against attacks targeting application vulnerabilities.

Intrusion Detection - the process of identifying and flagging malicious activity aimed at information technology.

False Positive - legitimate traffic that is incorrectly identified as an attack pattern.

Intrusion Prevention - finding anomalies and malicious activity in traffic and reacting to it.

Signature - code written to detect and prevent intrusions, worms, application exploits, and Peer-to-Peer and Instant Messaging traffic.

ADTRAN Gateway Anti-Virus, Anti-Spyware, and IPS Activation

If you do not have ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service installed on your firewall, the Security Services > Anti-Spyware page indicates an upgrade is required and includes a link to activate it from your firewall management interface.

Because ADTRAN Intrusion Prevention Service is part of the unified ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service, you have a single License Key that activates all three services on your firewall.

You must activate the ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service license from the Security Services > Intrusion Prevention page first. Once you have activated Intrusion Prevention Service, you can then activate ADTRAN Gateway Anti-Virus and ADTRAN Anti-Spyware.

To activate ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service on your firewall, you need the following:

 
ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service license. You need to purchase an ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service license from an ADTRAN reseller or through your NetVanta Security Portal account (limited to customers in the USA and Canada).

NetVanta Security Portal account. Creating a NetVanta Security Portal account is fast, simple, and FREE. Simply complete an online registration form from your firewall management interface. Your NetVanta Security Portal account is also accessible at http://www.adtran.com/NetVantaSecurityPortal from any Internet connection with a Web browser.

Registered firewall with active Internet connection. Registering your firewall is a simple procedure done directly from the management interface.

SonicOS Enhanced 3.1 or newer. Your firewall must be running SonicOS Enhanced 3.1 or newer for ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service.

Tip
If your firewall is connected to the Internet and registered with your NetVanta Security Portal account, you can activate a 30-day FREE TRIAL of ADTRAN Gateway Anti-Virus, ADTRAN Anti-Spyware, and ADTRAN Intrusion Prevention Service separately from the Security Services > Gateway Anti-Virus, Security Services > Anti-Spyware, and Security Services > Intrusion Prevention pages in the management interface.

Note
Administrator Guides for ADTRAN Gateway Anti-Virus, ADTRAN Anti-Spyware, and ADTRAN Intrusion Prevention Service are available on the ADTRAN documentation Web site: www.adtran.com/support

Creating a NetVanta Security Portal account

Creating a NetVanta Security Portal account is fast, simple, and FREE. Simply complete an online registration form in the firewall management interface.

 
Note
If you already have a NetVanta Security Portal account, go to Registering Your firewall.
Step 1
Log into the firewall management interface.
Step 2
If the System > Status page is not displayed in the management interface, click System in the left-navigation menu, and then click Status.
Step 3
On the System > Status page, in the Security Services section, click the Register link in Your ADTRAN is not registered. Click here to Register your ADTRAN.
Step 4
In the NetVanta Security Portal account Login page, click the here link in If you do not have a myADTRAN account, please click here to create one.
Step 5
In the myADTRAN Account page, enter your information in the Account Information, Personal Information, and Preferences fields. All fields marked with an asterisk (*) are required.
 
Note
Remember your username and password to access your NetVanta Security Portal account.
Step 6
Click Submit after completing the myADTRAN Account form.
Step 7
When the NetVanta Security Portal account server has finished processing your account, you will see a page saying that your account has been created. Click Continue. Congratulations. Your NetVanta Security Portal account is activated. Now you need to log into your NetVanta Security Portal account to register your firewall.
 
Note
NetVanta Security Portal account registration information is not sold or shared with any other company.

Registering Your firewall

To register your firewall, perform the following steps:

Step 1
Log into the firewall management interface.
Step 2
If the System > Status page is not displayed in the management interface, click System in the left-navigation menu, and then click Status.
Step 3
On the System > Status page, in the Security Services section, click the Register link. The NetVanta Security Portal account Login page is displayed.
Step 4
Enter your NetVanta Security Portal account username and password in the User Name and Password fields, then click Submit.
Step 5
The next several pages inform you about the free trials available to you for ADTRAN’s Security Services:
 
Gateway Anti-Virus - Delivers real-time virus protection for your entire network.

Client Anti-Virus - Provides desktop and server anti-virus protection with software running on each computer.

Premium Content Filtering Service - Enhances productivity by limiting access to objectionable Web content.

Intrusion Prevention Service - Protects your network against worms, Trojans, and application layer attacks.

Anti-Spyware - Protects your network from malicious spyware by blocking spyware installations at the gateway and disrupts.

Click Continue on each page.

 
Note
Clicking on the Continue button does not activate the FREE TRIAL versions of these ADTRAN Security Services.
Step 6
At the top of the Product Survey page, enter a “friendly name” for your firewall in the Friendly Name field. The friendly name allows you to easily identify your firewall in your NetVanta Security Portal account.
Step 7
Please complete the Product Survey. ADTRAN uses this information to further tailor services to fit your needs.
Step 8
Click Submit.
Step 9
When the NetVanta Security Portal account server has finished processing your registration, a page is displayed informing you that the firewall is registered. Click Continue , and the System > Licenses page is displayed showing you the available services. You can activate the service from this page or the specific service page under the Security Services left-navigation menu in the management interface.

Activating FREE TRIALs

You can try FREE TRIAL versions of ADTRAN Gateway Anti-Virus, ADTRAN Anti-Spyware, and ADTRAN Intrusion Prevention Service. You must activate each service separately from the Manage Services Online table on the System > Licenses page or by clicking the FREE TRIAL link on the respective Security Services page (for example, Security Services > Gateway Anti-Virus).

To try a FREE TRIAL of ADTRAN Gateway Anti-Virus, ADTRAN Anti-Spyware, or ADTRAN Intrusion Prevention Service, perform these steps:

Step 1
Click the FREE TRIAL link on the Security Services > Gateway Anti-Virus, Security Services > Anti-Spyware, or Security Services > Intrusion Prevention page. The NetVanta Security Portal account Login page is displayed.
Step 2
Enter your NetVanta Security Portal account username and password in the User Name and Password fields, then click Submit. If your firewall is already connected to your NetVanta Security Portal account, the System > Licenses page appears after you click the FREE TRIAL link.
Step 3
Click Try in the FREE TRIAL column in the Manage Services Online table. The service is enabled on your security appliance.

Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License

Because ADTRAN Intrusion Prevention Service is part of ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service, the Activation Key you receive is for all three services on your firewall.

If you do not have an ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service license activated on your firewall, you must purchase it from an ADTRAN reseller or through your NetVanta Security Portal account (limited to customers in the USA and Canada).

If you have an Activation Key for ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service, perform these steps to activate the combined services:

Step 1
On the Security Services > Intrusion Prevention page, click the ADTRAN Intrusion Prevention Service Subscription link. The NetVanta Security Portal account Login page is displayed.
Step 2
Enter your NetVanta Security Portal account username and password in the User Name and Password fields, then click Submit. If your firewall is already registered to your NetVanta Security Portal account, the System > Licenses page appears.
Step 3
Click Activate or Renew in the Manage Service column in the Manage Services Online table.
Step 4
Type the Activation Key in the New License Key field and click Submit. ADTRAN Intrusion Prevention Service is activated. The System > Licenses page is displayed, with the Anti-Spyware and Gateway Anti-Virus links shown at the bottom of the Manage Services Online table together with their child Activation Keys.
Step 5
Click on the Gateway Anti-Virus link. The child Activation Key is automatically entered in the New License Key field. The child Activation Key is a different key than the parent key for the ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service.
Step 6
Click Submit. If you have activated a FREE TRIAL version or are renewing a license, the renew screen is displayed that shows the expiration date of the current license and the expiration date of the updated license. Click Renew.
Step 7
Click on the ADTRAN Gateway Anti-Virus link. The child Activation Key is automatically entered in the New License Key field. The child Activation Key is a different key than the parent key for the ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service.
Step 8
Click Submit. If you have activated a FREE TRIAL version or are renewing a license, the renew screen is displayed that shows the expiration date of the current license and the expiration date of the updated license. Click Renew.

Congratulations! You have activated the ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service.

If you activate the ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service subscription in your NetVanta Security Portal account, the activation is automatically enabled on your firewall within 24 hours, or you can click the Synchronize button on the Security Services > Summary page to update your firewall immediately.

Setting Up ADTRAN Intrusion Prevention Service Protection

Activating the ADTRAN Intrusion Prevention Service license on your firewall does not automatically enable the protection. To configure ADTRAN Intrusion Prevention Service to begin protecting your network, you need to perform the following steps:

Step 1
Enable ADTRAN Intrusion Prevention Service.
Step 2
Specify the Priority Attack Groups.
Step 3
Apply ADTRAN Intrusion Prevention Service Protection to zones.
 
Note
For complete instructions on setting up ADTRAN Intrusion Prevention Service, refer to the ADTRAN Intrusion Prevention Service Administrator’s Guide available on the ADTRAN documentation Web site www.adtran.com/support.

Selecting Security Services > Intrusion Prevention displays the configuration settings for ADTRAN IPS on your firewall.

The Intrusion Prevention Service page is divided into three sections:

 
IPS Status - displays status information on the state of the signature database, your ADTRAN IPS license, and other information.

IPS Global Settings - provides the key settings for enabling ADTRAN IPS on your firewall, specifying global ADTRAN IPS protection based on three classes of attacks, and other configuration options.

IPS Policies - allows you to view ADTRAN IPS signatures and configure the handling of signatures by category groups or on a signature by signature basis. Categories are signatures grouped together based on the type of attack.

After activating your Intrusion Prevention Service license, you must enable and configure ADTRAN IPS in the ADTRAN management interface before intrusion prevention policies are applied to your network traffic.

Enabling ADTRAN IPS

ADTRAN IPS must be globally enabled on your firewall by checking the Enable IPS check box in the IPS Global Settings section. A checkmark in the Enable IPS check box turns on the service on your firewall.

 
Note
Checking the Enable IPS check box does not automatically start ADTRAN IPS protection. You must also specify a Prevent All action in the Signature Groups table in the IPS Global Settings section to activate intrusion prevention on the firewall, and specify the interfaces or zones you want to protect.

Specifying Global Attack Level Protection

ADTRAN IPS allows you to globally manage your network protection against attacks by simply selecting the class of attacks: High Priority Attacks, Medium Priority Attacks, and Low Priority Attacks. Selecting the Prevent All and Detect All check boxes for High Priority Attacks and Medium Priority Attacks in the Signature Groups table, and then clicking Apply, protects your network against the most dangerous and disruptive attacks.

 
Note
Leaving the High Priority Attacks, Medium Priority Attacks, and Low Priority Attacks signature groups with no Prevent All action checked means no intrusion prevention is occurring on the firewall.

Applying ADTRAN IPS Protection on Zones

You apply ADTRAN IPS to zones on the Network > Zones page to enforce ADTRAN IPS not only between each network zone and the WAN, but also between internal zones. For example, enabling ADTRAN IPS on the LAN zone enforces ADTRAN IPS on all incoming and outgoing LAN traffic.

In the IPS Status section of the Security Services > Intrusion Prevention Service page, click the Network > Zones link to access the Network > Zones page. You apply ADTRAN IPS to a zone listed on the Network > Zones page.

To enable ADTRAN IPS on a zone, perform these steps:

Step 1
In the firewall management interface, select Network > Zones, or from the IPS Status section of the Security Services > Intrusion Prevention page, click the Network > Zones link. The Network > Zones page is displayed.
Step 2
In the Configure column in the Zone Settings table, click the edit icon for the zone to which you want to apply ADTRAN IPS. The Edit Zone window is displayed.
Step 3
Click the Enable IPS check box. A checkmark appears. To disable ADTRAN IPS, uncheck the box.
Step 4
Click OK.

You also enable ADTRAN IPS protection for new zones you create on the Network > Zones page. Clicking the Add button displays the Add Zone window, which includes the same settings as the Edit Zone window.