Advanced protection

Officials at TippingPoint Technologies Inc. have released a new intrusion-prevention system that includes advanced protection against denial-of-service attacks.

UnityOne-100E, the latest addition to the security company's line of intrusion-prevention systems, performs at 100 megabits/sec.

"Denial-of-service is one of the most important [type of attacks] people are trying to protect against," said Andy Salo, director of product management at TippingPoint. More tools and weapons are available to hackers, enabling them to launch more sophisticated and disruptive attacks, he said.

UnityOne systems use statistical traffic anomaly and protocol anomaly protection methods. The systems are updated with the latest vulnerability protection through the company's Digital Vaccine service. All UnityOne systems come with standard denial-of-service protection, which uses threshold filters to block or choke network traffic that goes beyond a defined percentage of normal traffic.

Users welcome any functionality that enhances the UnityOne product line. Security analysts at Los Alamos National Laboratory use several UnityOne-2400 appliances, which perform at 2 gigabits/sec, to monitor network traffic, said Susan Coulter, a network security analyst at the lab.

The appliances were instrumental in blocking the Sasser worm in May from spreading throughout the lab's network, she said, adding that UnityOne is incredibly intelligent and its filters have enabled lab workers to reduce false alarms. "It's an important tool in our toolbox," she said.

TippingPoint's advanced denial-of-service protection blocks attacks known as SYN Floods, established connection floods and connections-per-second floods. SYN Flood attacks overwhelm servers with connection requests from invalid sources. During an established connection flood, an attacker takes control of many computers and directs them to establish connections to a server. During a connections-per-second flood attack, a server is overburdened with a high rate of connections from seemingly valid sources.

TippingPoint's standard denial-of-service protection includes protection against buffer overflow exploits, in which single-packet attacks crash a service or operating system; Zombie drafts, which plant malicious code on infected systems; distributed denial-of-service attacks; and packet floods, which consume network bandwidth or resources.

Officials at Arbor Networks Inc. and Mazu Networks Inc. have been tackling denial-of-service attacks for several years. Products from these companies can detect attacks, but they don't have enforcement capabilities, Salo said.

Arbor's products detect attacks and notify network routers to install access control list filters to block certain IP ranges, Salo said. TippingPoint's product not only detects but can also block attacks, he added.

However, Greg Young, research director for security and privacy at Gartner Inc., said TippingPoint, Arbor and Mazu are in different product classes. TippingPoint's UnityOne is an intrusion-prevention system that works inline on a single network segment. "Arbor and Mazu are more on the network behavior and anomaly-detection side — looking at the greater network via mirror ports," he said. Both classes of products are in the business of detecting denial-of-service attacks, but they use different approaches, Young added.
