IPS Firewall Technology

Technical and Need Description


DeepNines IPS Firewall is patented technology that provides real-time identification of, and protection from, complex attacks in today’s network security environment. By uniting behavioral and signature-based intrusion prevention (IPS) with deep packet inspection (DPI), IPS Firewall provides inline Web security by inspecting all ports and protocols for attacks and threats. As the front line of the DeepNines Secure Web Gateway, IPS Firewall defends against denial of service floods and brute force attacks while providing vulnerability detection, anomaly detection and protection against zero-day exploits for your mission-critical applications.


Why You Need IPS Firewall as a Critical Technology in Your Web Security…
Web 2.0 applications and the traffic they generate traverse multiple ports and protocols, not just port 80 (HTTP). Therefore, in order to identify and inspect all Web traffic, a technology or product must:

  • Sit in-line (or in-band) to inspect all content and applications across all ports and protocols
  • Perform deep packet inspection in order to apply sophisticated filtering and control traffic at line speed

Solutions that do not provide both in-line placement and deep packet inspection within the Web security appliance are incomplete. For example, UDP is a connectionless protocol that is widely used for streaming Web video, audio and other media, and that traffic does not traverse port 80. A Web security solution that does not perform in-line deep packet inspection cannot identify and control that UDP traffic by its content; a port-based rule can only allow or block it wholesale.


Understanding the Technology Behind the Technology
An IPS firewall built on deep packet inspection (DPI) combines the functionality of an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) with a traditional stateful firewall. This combination makes it possible to detect certain attacks that neither the IDS/IPS nor the stateful firewall can catch on its own. IPS is important for identifying and blocking complex threats that the existing perimeter firewall often does not catch. Attacks such as DoS floods, application-layer exploits and many others are blocked with IPS; a volumetric DDoS that saturates the upstream link must also be mitigated upstream, since an inline device can only drop what has already reached it. By combining IPS and firewall technology, the Web security solution has the ability to identify and inspect all Web traffic with deep packet inspection, block complex threats, and perform at line speed.



Deep packet inspection (DPI)

Deep packet inspection is the act of inspecting Layer 2 through Layer 7 of the OSI model, including headers and data protocol structures, at wire speed. This inspection identifies protocol non-compliance, viruses, malware (such as worms), spam, Denial of Service (DoS) attacks, intrusions and any other predefined criteria in order to decide what action to take on the packet. Deep packet inspection enables advanced security functions as well as Internet data mining. DPI also gives DeepNines application-layer inspection. Application-layer firewall inspection works at the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or FTP traffic), and can intercept every packet traveling to or from an application. Application inspection can prevent unwanted outside traffic that matches its policies from reaching end users; content it cannot decode (for example, encrypted traffic it does not terminate) can only be controlled by its headers and behavior.
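As an added example (not DeepNines code and not a description of their engine), the following Python walks constructed Ethernet/IPv4/TCP/UDP frames from Layer 2 upward, rejects protocol non-compliance in the headers, and then classifies the Layer 7 payload by its content rather than by its destination port, so HTTP on port 8080 and RTP-style UDP media on port 5004 are still identified, which is the point made earlier about Web traffic that does not use port 80. The frames, addresses, and the TLS and RTP heuristics are constructed for illustration only.

```python
"""Minimal deep-packet-inspection pass: parse L2-L4 headers, check them for
protocol compliance, then classify L7 by content instead of by port.
Added example; the frames below are constructed with struct, not captured."""
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
UDP_HDR = struct.Struct("!HHHH")           # sport, dport, length, checksum
IPV4_MIN, TCP_MIN = 20, 20
SYN, FIN = 0x02, 0x01
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def parse_frame(frame: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> TCP/UDP; raise ValueError on non-compliant headers."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("truncated Ethernet header")
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[ETH_HDR.size:]
    if len(ip) < IPV4_MIN:
        raise ValueError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    proto = ip[9]
    if version != 4 or ihl < IPV4_MIN or total_len < ihl or total_len > len(ip):
        raise ValueError("invalid IPv4 header or length")
    info = {"src_ip": ".".join(map(str, ip[12:16])),
            "dst_ip": ".".join(map(str, ip[16:20])), "proto": proto, "payload": b""}
    l4 = ip[ihl:total_len]
    if proto == 6:                          # TCP
        if len(l4) < TCP_MIN:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, off_flags = struct.unpack_from("!HHIIH", l4)
        data_off, flags = (off_flags >> 12) * 4, off_flags & 0x1FF
        if data_off < TCP_MIN or data_off > len(l4):
            raise ValueError("invalid TCP data offset")
        if flags & SYN and flags & FIN:     # never legitimate; classic scanner/evasion probe
            raise ValueError("illegal TCP flags SYN+FIN")
        info.update(sport=sport, dport=dport, flags=flags, payload=l4[data_off:])
    elif proto == 17:                       # UDP
        if len(l4) < UDP_HDR.size:
            raise ValueError("truncated UDP header")
        sport, dport, length, _cksum = UDP_HDR.unpack_from(l4)
        if length < UDP_HDR.size or length > len(l4):
            raise ValueError("invalid UDP length")
        info.update(sport=sport, dport=dport, payload=l4[UDP_HDR.size:length])
    return info


def classify(info: dict) -> str:
    """Content-based L7 label; the destination port is deliberately not consulted."""
    p = info["payload"]
    if info["proto"] == 6 and p.startswith(HTTP_METHODS) and b" HTTP/1." in p[:200]:
        return "http"
    if info["proto"] == 6 and p[:2] == b"\x16\x03":      # TLS record: handshake type, version 3.x
        return "tls"
    if info["proto"] == 17 and len(p) >= 12 and (p[0] & 0xC0) == 0x80:  # RTP v2 heuristic
        return "rtp-like"
    return "unknown"


def inspect(frame: bytes) -> tuple:
    """Return (verdict, label): drop non-compliant packets, otherwise label by content."""
    try:
        info = parse_frame(frame)
    except ValueError as err:
        return ("drop", f"noncompliant: {err}")
    return ("allow", classify(info))


def build_frame(proto, src_ip, dst_ip, sport, dport, payload, tcp_flags=0x18):
    """Construct a test frame (PSH|ACK by default; checksums are left zero)."""
    if proto == 6:
        l4 = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | tcp_flags, 65535, 0, 0)
    else:
        l4 = UDP_HDR.pack(sport, dport, UDP_HDR.size + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_MIN + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return ETH_HDR.pack(b"\x00" * 6, b"\x00" * 6, 0x0800) + ip + l4


# Constructed sample traffic: HTTP and TLS on non-standard ports, UDP media, one evasion probe.
SAMPLES = {
    "http_on_8080": build_frame(6, "10.0.0.5", "203.0.113.9", 51000, 8080,
                                b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "tls_on_8443": build_frame(6, "10.0.0.5", "203.0.113.9", 51001, 8443,
                               b"\x16\x03\x01\x00\x10" + b"\x01" * 16),
    "rtp_on_5004": build_frame(17, "203.0.113.9", "10.0.0.5", 5004, 5004,
                               b"\x80\x60\x00\x01" + b"\x00" * 8 + b"\xaa" * 20),
    "syn_fin_probe": build_frame(6, "198.51.100.7", "10.0.0.5", 4444, 80, b"",
                                 tcp_flags=SYN | FIN),
}


def demo() -> dict:
    return {name: inspect(frame) for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} -> {verdict}")
```

A port-based classifier would have labelled the first three samples by their ports (8080, 8443, 5004) and seen nothing wrong with the fourth; the content checks and the header-compliance checks are what DPI adds. A production engine would go further (reassembly across packets, many more protocol decoders, and checksum validation), but the structure is the same.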

Intrusion prevention system (IPS)

Intrusion prevention systems apply policies and rules to network traffic and combine them with intrusion detection in order to block threats and suspicious traffic in-line rather than only alerting on them. IPS can be compared to a combination of an IDS and an application-layer firewall.

Stateful firewall inspection

Stateful inspection, or dynamic packet filtering, is a firewall architecture that examines a packet based on the information in its header while tracking each connection traversing its interfaces to ensure the validity of the traffic: a packet that does not belong to a tracked connection, such as an inbound ACK with no matching outbound SYN, is dropped. A stateful firewall may examine not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just its source and destination.

Stateless firewall inspection

Stateless firewall inspection examines each packet in isolation, matching only its header fields (addresses, ports, protocol, TCP flags) against a fixed rule set, with no connection table. Because there is no state to look up, it is extremely fast and is well suited to completely blocking or filtering traffic between subnets. Its weakness is that it cannot tell whether a packet belongs to an existing conversation: a rule that admits inbound packets with the ACK bit set, for example, also admits forged packets that were never part of any connection. Stateless filtering maps naturally onto HTTP, which is itself stateless since each request is processed without knowledge of previous requests, but the TCP connections that carry HTTP are stateful, so for Web security stateless filtering complements stateful inspection rather than replacing it.
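To make the stateless/stateful distinction concrete, here is an added example (not DeepNines code) in Python: a toy TCP connection tracker run side by side with a stateless rule set over a constructed packet sequence. The network layout (inside addresses under 10.0.0.0/8, one published Web server at 10.0.0.80:80), the half-open limit and the packets are all assumptions made for the illustration. The tracker also caps half-open connections per external source, which is the simplest behavioral check an IPS applies against the SYN floods mentioned above.

```python
"""Stateless rules versus a stateful connection tracker over constructed packets.
Added example with an assumed topology; packets are tuples, not real traffic."""
from collections import defaultdict

SYN, FIN, RST, ACK = 0x02, 0x01, 0x04, 0x10
PUBLISHED = {("10.0.0.80", 80)}          # assumed: the one service exposed to the outside


def is_inside(ip: str) -> bool:
    """Assumed topology: the protected network is 10.0.0.0/8."""
    return ip.startswith("10.")


def stateless(pkt) -> str:
    """Header-only rules with no memory. The 'established' approximation used in
    stateless ACLs is 'ACK bit set', which a forged packet satisfies trivially."""
    src, _sport, dst, dport, flags = pkt
    if is_inside(src) or (dst, dport) in PUBLISHED:
        return "allow"
    return "allow" if flags & ACK else "drop"


class StatefulFilter:
    """Tracks TCP conversations; inbound packets must match an entry created by a
    permitted SYN. Half-open entries per external source are capped (SYN-flood check)."""

    def __init__(self, half_open_limit: int = 3):
        self.table = {}                      # conn key -> (state, initiator ip)
        self.half_open = defaultdict(int)    # external src ip -> SYN_RECV entries
        self.limit = half_open_limit

    @staticmethod
    def key(src, sport, dst, dport):
        a, b = (src, sport), (dst, dport)
        return (a, b) if a <= b else (b, a)  # direction-independent key

    def process(self, pkt) -> str:
        src, sport, dst, dport, flags = pkt
        k = self.key(src, sport, dst, dport)
        entry = self.table.get(k)
        if entry is None:
            if flags & SYN and not flags & ACK:
                if is_inside(src):                       # outbound connection attempt
                    self.table[k] = ("SYN_SENT", src)
                    return "allow"
                if (dst, dport) in PUBLISHED:            # inbound to the published service
                    if self.half_open[src] >= self.limit:
                        return "drop:syn-flood"
                    self.half_open[src] += 1
                    self.table[k] = ("SYN_RECV", src)
                    return "allow"
            return "drop:no-state"                       # forged ACK, or SYN to an unpublished port
        state, initiator = entry
        if flags & (FIN | RST):                          # simplified teardown: one FIN/RST closes it
            if state == "SYN_RECV":
                self.half_open[initiator] -= 1
            del self.table[k]
            return "allow"
        if state == "ESTABLISHED":
            return "allow"
        if flags & SYN and flags & ACK and src != initiator:   # responder's SYN+ACK
            if state == "SYN_SENT":
                self.table[k] = ("ESTABLISHED", initiator)
            return "allow"
        if state == "SYN_RECV" and src == initiator and flags & ACK and not flags & SYN:
            self.half_open[initiator] -= 1               # handshake completed, no longer half-open
            self.table[k] = ("ESTABLISHED", initiator)
            return "allow"
        return "drop:bad-transition"                     # out of sequence for this state


def run(packets, filt) -> list:
    return [filt(p) for p in packets]


def demo() -> dict:
    """Constructed sequence: a normal outbound handshake, one forged inbound ACK,
    then five SYNs from one outside host to the published server."""
    handshake = [
        ("10.0.0.5", 40000, "198.51.100.7", 443, SYN),
        ("198.51.100.7", 443, "10.0.0.5", 40000, SYN | ACK),
        ("10.0.0.5", 40000, "198.51.100.7", 443, ACK),
    ]
    forged = [("192.0.2.66", 1234, "10.0.0.5", 40000, ACK)]
    flood = [("192.0.2.9", 50000 + i, "10.0.0.80", 80, SYN) for i in range(5)]
    packets = handshake + forged + flood
    return {"stateless": run(packets, stateless),
            "stateful": run(packets, StatefulFilter(half_open_limit=3).process)}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The stateless rules pass all nine packets, including the forged ACK and the whole burst of SYNs; the tracker drops the forged ACK because no connection exists for it, and drops the fourth and fifth SYN once the source has three half-open connections outstanding. Real trackers also age entries out, verify sequence numbers, and handle the full FIN exchange; those are left out to keep the state machine readable.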



Additional Technical Information


Transport Layer

Transport-layer protocols such as TCP, UDP, SCTP, and DCCP specify a source and destination port number in their headers.

A port is an application-specific or process-specific software construct that serves as a communications endpoint used by Transport Layer protocols of the Internet Protocol Suite, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). A specific port is identified by its number, the IP address it is associated with, and the protocol used for communication. Applications implementing common services will normally listen on specific port numbers which are defined by convention for use with the given protocol.

A protocol is a set of rules used by computers to communicate with each other across a network: a convention or standard that controls or enables the connection, communication, and data transfer between computing endpoints. Protocols may be implemented in hardware, software, or a combination of the two. At the lowest level, a protocol defines the behavior of a hardware connection.