Attack Mitigator IPS 1000
July 01, 2003
Corero Network Security
Quick to set up and get running as no routing adjustments are needed.
Sits behind the WAN link so can do nothing to stop bandwidth saturation there.
A complementary item designed to work in tandem with other security products.
Top Layer Networks' Attack Mitigator lies at the traditional end of intrusion prevention. It aims to defend against both internal and external attackers using denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, while also giving broad protection against other well-known attacks. It does this with a mixture of stateful inspection hardware and packet inspection software.
With this product came Top Layer's SecureWatch data collector software, used to report on network flow by taking data collected from other Top Layer products within the network.
The box may be deployed between the WAN router and the perimeter firewall, outside the firewall, or in front of public-facing servers and internal server farms. It analyses packets for attacks by comparing them against a range of packet sequence signatures, packet filters, TCP, ICMP and UDP flow counters, and HTTP URL filters. When it suspects a packet, it diverts it to a 'discard' port for later analysis. Because the box operates transparently inline, it can be deployed without changing the network's routing.
Setting up was largely easy to accomplish. The front panel of the appliance houses twelve ports: one each for the internal and external networks, six for other internal and external network segments, and four further ports for management, flow mirroring and 'discarded' packets. Also available are two optical ports for fiber connections.
Installation involved connecting to the box via a serial port to configure initial IP settings on the management LAN. Once set, the box could connect to an isolated management LAN we set up on the test network. From here the browser-based console takes over for the rest of the configuration.
We set the box to 'mitigate' mode to see what attacks it would pick up. A SYN flood aimed at the server behind the Attack Mitigator failed, because the product caps the number of half-open (partial) TCP connections. Since the box sits behind the router, however, it could do little to stop flooding of the WAN link itself.
The browser console exposes a number of filters that protect against these attacks and others like them. Beyond blocking a single attack attempt, it can apply connection and bandwidth limits to groups of servers and from groups of clients.
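To make the half-open connection limiting described above concrete, here is an added example (not Top Layer's code, and not taken from the review) of the kind of flow counter such a device keeps: it tracks embryonic TCP connections per protected server and per client, diverts excess SYNs to a 'discard' decision, and ages out half-open entries that never complete the handshake. The thresholds, addresses and packet records are constructed for illustration.

```python
"""Half-open (embryonic) TCP connection limiting, as an illustration of the
SYN-flood mitigation a flow-counting inline device can apply.
Constructed example; thresholds and addresses are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "A" = ACK completing the handshake, "R" = RST
    ts: float    # seconds


class HalfOpenLimiter:
    """Count half-open connections per server and per client.

    A flow is half-open from the client's SYN until the client's ACK
    completes the three-way handshake, a RST tears it down, or the
    entry ages out after syn_timeout seconds."""

    def __init__(self, max_per_server=100, max_per_client=10, syn_timeout=30.0):
        self.max_per_server = max_per_server
        self.max_per_client = max_per_client
        self.syn_timeout = syn_timeout
        self.half_open = {}                 # flow key -> timestamp of SYN
        self.per_server = defaultdict(int)  # dst address -> half-open count
        self.per_client = defaultdict(int)  # src address -> half-open count
        self.discarded = []                 # packets diverted to the discard port

    def _close(self, key):
        if key in self.half_open:
            del self.half_open[key]
            self.per_client[key[0]] -= 1
            self.per_server[key[2]] -= 1

    def _expire(self, now):
        # Half-open entries that never completed are dropped after the timeout,
        # which is what frees the budget again once a spoofed flood stops.
        for key in [k for k, t in self.half_open.items() if now - t > self.syn_timeout]:
            self._close(key)

    def process(self, pkt):
        """Return 'forward' or 'discard' for one packet."""
        self._expire(pkt.ts)
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == "S":
            if key in self.half_open:
                return "forward"            # retransmitted SYN, already counted
            if (self.per_server[pkt.dst] >= self.max_per_server
                    or self.per_client[pkt.src] >= self.max_per_client):
                self.discarded.append(pkt)
                return "discard"
            self.half_open[key] = pkt.ts
            self.per_server[pkt.dst] += 1
            self.per_client[pkt.src] += 1
            return "forward"
        if pkt.flags == "A":
            self._close(key)                # client completed the handshake
        elif pkt.flags == "R":
            self._close(key)                # RST from either direction
            self._close((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "forward"


def simulate():
    """Constructed traffic: a spoofed SYN flood, then a legitimate client,
    then one client opening too many half-open connections."""
    lim = HalfOpenLimiter(max_per_server=100, max_per_client=10, syn_timeout=30.0)
    out = {"flood_discarded": 0, "single_src_discarded": 0}
    # 150 SYNs from 150 distinct spoofed sources against one protected server.
    for i in range(150):
        pkt = Packet(f"10.0.{i // 256}.{i % 256}", 40000, "192.0.2.10", 80, "S", 1.0 + i * 0.01)
        if lim.process(pkt) == "discard":
            out["flood_discarded"] += 1
    # A real client arrives while the server's half-open budget is exhausted.
    out["victim_during_flood"] = lim.process(Packet("198.51.100.7", 51000, "192.0.2.10", 80, "S", 5.0))
    # After the timeout the spoofed entries have aged out and the client gets through.
    out["victim_after_timeout"] = lim.process(Packet("198.51.100.7", 51000, "192.0.2.10", 80, "S", 40.0))
    lim.process(Packet("198.51.100.7", 51000, "192.0.2.10", 80, "A", 40.1))
    out["server_half_open_after_ack"] = lim.per_server["192.0.2.10"]
    # One source opening 15 half-open connections to a second server.
    for p in range(15):
        if lim.process(Packet("203.0.113.9", 50000 + p, "192.0.2.20", 80, "S", 41.0)) == "discard":
            out["single_src_discarded"] += 1
    return out


if __name__ == "__main__":
    print(simulate())
```

The simulation also shows the trade-off a practitioner should expect from this class of control: while a spoofed flood holds the per-server budget, a legitimate client's SYN is discarded too, and it only gets through once the stale half-open entries age out. The per-client limit catches a single noisy source much earlier, but is useless against a flood spread across many spoofed addresses.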
The network-based approach to defense will easily complement a network's firewall and detection systems.