Advanced protection

Officials at TippingPoint Technologies Inc. have released a new intrusion-prevention system that includes advanced protection against denial-of-service attacks.

UnityOne-100E, the latest addition to the security company's line of intrusion-prevention systems, performs at 100 megabits/sec.

"Denial-of-service is one of the most important [type of attacks] people are trying to protect against," said Andy Salo, director of product management at TippingPoint. More tools and weapons are available to hackers, enabling them to launch more sophisticated and disruptive attacks, he said.

UnityOne systems use statistical traffic anomaly and protocol anomaly protection methods. The systems are updated with the latest vulnerability protection through the company's Digital Vaccine service. All UnityOne systems come with standard denial-of-service protection, which uses threshold filters to block or choke network traffic that goes beyond a defined percentage of normal traffic.

Users welcome any functionality that enhances the UnityOne product line. Security analysts at Los Alamos National Laboratory use several UnityOne-2400 appliances, which perform at 2 gigabits/sec, to monitor network traffic, said Susan Coulter, a network security analyst at the lab.

The appliances were instrumental in blocking the Sasser worm in May from spreading throughout the lab's network, she said, adding that UnityOne is incredibly intelligent and its filters have enabled lab workers to reduce false alarms. "It's an important tool in our toolbox," she said.

TippingPoint's advanced denial-of-service protection blocks attacks known as SYN Floods, established connection floods and connections-per-second floods. SYN Flood attacks overwhelm servers with connection requests from invalid sources. During an established connection flood, an attacker takes control of many computers and directs them to establish connections to a server. During a connections-per-second flood attack, a server is overburdened with a high rate of connections from seemingly valid sources.
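The three flood types described above leave different traces in a server's connection table, which the following added example illustrates. It is not TippingPoint's implementation; the `Conn` record layout, the limits and the 30-second handshake timeout are assumptions, and all traffic is constructed.

```python
from collections import namedtuple

# One observed TCP connection attempt to the protected server (assumed schema).
Conn = namedtuple("Conn", "t src completed closed_at")  # closed_at=None: still open

# Hypothetical limits; a real deployment would derive them from a traffic baseline.
LIMITS = {"half_open": 100, "established": 200, "cps": 50}

def classify(conns, now, limits=LIMITS, syn_timeout=30.0):
    """Return the flood types visible in the connection table at time `now`."""
    seen = [c for c in conns if c.t <= now]
    # SYN flood: requests whose handshake never completes pile up as half-open.
    half_open = sum(1 for c in seen if not c.completed and now - c.t < syn_timeout)
    # Established connection flood: completed connections held open concurrently.
    established = sum(1 for c in seen
                      if c.completed and (c.closed_at is None or c.closed_at > now))
    # Connections-per-second flood: completed connections opened in the last second.
    cps = sum(1 for c in seen if c.completed and now - c.t < 1.0)
    found = set()
    if half_open > limits["half_open"]:
        found.add("syn_flood")
    if established > limits["established"]:
        found.add("established_connection_flood")
    if cps > limits["cps"]:
        found.add("connections_per_second_flood")
    return found

def sample(n, span, completed, lifetime):
    """Constructed traffic: n attempts spread evenly over `span` seconds."""
    return [Conn(i * span / n, f"host-{i}", completed,
                 None if lifetime is None else i * span / n + lifetime)
            for i in range(n)]

SYN_FLOOD = sample(500, 1.0, False, None)   # handshakes never finish
EST_FLOOD = sample(300, 60.0, True, None)   # slow build-up, connections held open
CPS_FLOOD = sample(400, 5.0, True, 0.5)     # 80 short-lived connections per second
NORMAL = sample(100, 10.0, True, 2.0)       # 10 per second, 2 seconds each

if __name__ == "__main__":
    for name, data, now in [("syn", SYN_FLOOD, 1.0), ("est", EST_FLOOD, 60.0),
                            ("cps", CPS_FLOOD, 5.0), ("normal", NORMAL, 10.0)]:
        print(name, sorted(classify(data, now)))
```

An established connection flood built up slowly never trips the per-second counter, and a connections-per-second flood of short-lived connections never trips the concurrent-connection counter, so each of the three counters is needed.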

TippingPoint's standard denial-of-service protection includes protection against buffer overflow exploits, in which single-packet attacks crash a service or operating system; Zombie drafts, which plant malicious code on infected systems; distributed denial-of-service attacks; and packet floods, which consume network bandwidth or resources.

Officials at Arbor Networks Inc. and Mazu Networks Inc. have been tackling denial-of-service attacks for several years. Products from these companies can detect attacks, but they don't have enforcement capabilities, Salo said.

Arbor's products detect attacks and notify network routers to install access control list filters to block certain IP ranges, Salo said. TippingPoint's product not only detects but can also block attacks, he added.

However, Greg Young, research director for security and privacy at Gartner Inc., said TippingPoint, Arbor and Mazu are in different product classes. TippingPoint's UnityOne is an intrusion-prevention system that works inline on a single network segment. "Arbor and Mazu are more on the network behavior and anomaly-detection side — looking at the greater network via mirror ports," he said. Both classes of products are in the business of detecting denial-of-service attacks, but they use different approaches, Young added.
