Network Intrusion Prevention Design Guide: Using IBM Security Network IPS

Book description

Every organization today needs to manage the risk of exposing business-critical data, improve business continuity, and minimize the cost of managing IT security. Almost all IT assets of an organization share a common network infrastructure, so the first line of defense is proper network security. This security is a prerequisite for a logical set of technical countermeasures that protect against the many attack vectors that use the network to infiltrate the backbone of an organization.

The IBM® Security Network Intrusion Prevention System (IPS) stops network-based threats before they can affect the business operations of an organization. Preemptive protection, that is, protection that is in place ahead of a threat, comes from a combination of line-speed performance, security intelligence, and a modular protection engine that enables security convergence. By consolidating network security demands for data security and protection for web applications, the IBM Security Network IPS serves as a security platform that can reduce the cost and complexity of deploying and managing point solutions.

This IBM Redbooks® publication gives IT architects and security specialists a better understanding of the challenging topic of blocking network threats. It highlights the security convergence of IBM Virtual Patch® technology, data security, and Web Application Protection. In addition, it explores the technical foundation of the IBM Security Network IPS and explains how to set up, configure, and maintain proper network perimeter protection within a real-world business scenario.

Table of contents

  1. Notices
    1. Trademarks
  2. Preface
    1. The team who wrote this book
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  3. Part 1: Architecture and design
  4. Chapter 1: Business context for threat and vulnerability management
    1. 1.1: Drivers that influence security
      1. Business drivers that influence security
      2. IT drivers that influence security
    2. 1.2: IBM Security Framework
      1. Security Governance, Risk Management, and Compliance model
      2. Network, Server, and Endpoint domain
    3. 1.3: IBM Security Blueprint
    4. 1.4: Threat and vulnerability management
      1. Security concepts and terminology
      2. Threat management
      3. Vulnerability management
    5. 1.5: Conclusion
  5. Chapter 2: Introducing the IBM Security Network IPS solution
    1. 2.1: Intrusion prevention
    2. 2.2: Physical and virtual appliances
      1. Version 4.x generation firmware
      2. Local management interface
      3. Deployment options
      4. Virtual Network IPS appliances
    3. 2.3: IBM Security Network IPS functionality
      1. Zero-day threat protection
      2. Security modules
      3. Advanced IPS
      4. Response Tuning
      5. Firewall
    4. 2.4: Enforcing intrusion prevention policies
    5. 2.5: Centralized management in IBM Security SiteProtector
      1. Managing policies
      2. Policy repositories
      3. Policy versioning
      4. Comparing policies
      5. Integrating IBM Rational AppScan data
    6. 2.6: Conclusion
  6. Chapter 3: IBM Security Network IPS architecture
    1. 3.1: Software components and logical design
      1. Communication between Network IPS and management interfaces
      2. Policy process communication flow
    2. 3.2: Hardware architecture
      1. Packet inspection process flow
    3. 3.3: Protocol Analysis Module
      1. Protocol Analysis Module techniques
      2. Protocol Analysis Module example
      3. IBM Shellcode Heuristics
      4. IBM Injection Logic Engine
      5. JavaScript obfuscation detection
      6. PAM 2.0
    4. 3.4: High availability
      1. Standard HA: Active/active configuration
      2. Standard HA: Active/passive configuration
      3. Geographical HA
    5. 3.5: File system architecture
    6. 3.6: Default users
      1. Root user considerations
    7. 3.7: Conclusion
  7. Chapter 4: IBM Security Network IPS solution design and management
    1. 4.1: Deployment locations
      1. Concept of network zones
      2. Selecting network segments for inspection
      3. Inside or outside the network address translation environment
    2. 4.2: Scaling considerations
    3. 4.3: High availability and external bypass options
      1. General considerations for HA deployment
      2. Asymmetrically routed traffic
      3. Active/passive HA deployments
      4. Geographical HA deployments
      5. External bypass units
    4. 4.4: Setup, licensing, and updating before deployment
    5. 4.5: Tuning the policy before moving to blocking mode
      1. Reasons for policy tuning
      2. Analysis methods
      3. Tuning options
    6. 4.6: Conclusion
  8. Part 2: Customer scenario
  9. Chapter 5: Overview of scenario, requirements, and approach
    1. 5.1: Company overview
      1. Current IT infrastructure
      2. Security issues within the current infrastructure
    2. 5.2: Business vision
    3. 5.3: Business requirements
      1. IBM Security Framework mapping to business requirements
    4. 5.4: Functional requirements
      1. IBM Security Blueprint mapping to functional requirements
    5. 5.5: Design approach
    6. 5.6: Implementation approach
    7. 5.7: Conclusion
  10. Chapter 6: Phase 1: Design and implementation of IBM Security Network IPS
    1. 6.1: Design
      1. Network zones
      2. Information zones
      3. Network protection mode selection
    2. 6.2: Implementation
      1. Group definitions
      2. GX7800 implementation
      3. GX5208 with Active Bypass implementation
      4. GX4004 implementation
      5. Registration with IBM Security SiteProtector
    3. 6.3: Conclusion
  11. Chapter 7: Phase 2: Policy tuning for IBM Security Network IPS
    1. 7.1: Policy tuning objectives
    2. 7.2: Overview of the IBM Security Network IPS policy
    3. 7.3: False positives versus false alarms
      1. False alarm
      2. False positive
      3. Identifying false positives or false alarms
      4. Types of false positives or false alarms
      5. Examples of false positive identification
    4. 7.4: False negatives
      1. Identifying false negatives
      2. Packet capture techniques
      3. Packet capture example
      4. Custom signatures overview
      5. OpenSignatures
      6. OpenSignature example
      7. User Defined Events
      8. User Defined Events example
    5. 7.5: Modifying default settings
      1. Protection domains
      2. Protection domains example
    6. 7.6: Conclusion
  12. Appendix A: Troubleshooting
    1. Location of logs and system messages
    2. Definitions for health and system messages
      1. System
      2. Security
      3. Network
      4. Agent messages
    3. SiteProtector communication
    4. Identifying packet loss
    5. Conclusion
  13. Related publications
    1. IBM Redbooks
    2. Online resources
    3. Help from IBM
  14. Index
  15. Back cover

Product information

  • Title: Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
  • Author(s): Axel Buecker, Matthew Dobbs, Dr. Werner Filip, Craig Finley, Vladimir Jeremic, Alisson Quesada, Karl Sigler, Mario Swainson, Joris van Herzele
  • Release date: December 2011
  • Publisher(s): IBM Redbooks