Main functions – H3C Technologies H3C SecBlade IPS Cards User Manual

3

•

SecBlade IPS cards adopt the multi-core high-performance processor and high-speed memory, and

thus can ensure the processing of security services without affecting the normal operation of the

main network device.

•

Multiple slots on the main network device can accommodate SecBlade IPS cards. You can plug

multiple SecBlade IPS cards in to a main network device for service expansion, meeting the update
requirements of enterprise and carrier networks.

Main Functions

SecBlade IPS cards provide the following main functions.

1.

Application layer based attack detection and defense

SecBlade IPS cards adopt the proprietary engine of H3C, Full Inspection with Rigorous State Test (FIRST).

The FIRST engine provides multiple detection technologies, and improves the preciseness of attack

detection by implementing full inspection based on rigorous state. It adopts concurrent detection

technology and supports flexible hardware&sofware configurations, greatly improving the intrusion
detection performance. The FIRST engine integrates protocol identification and characteristic matching.

It uses protocol identification to identify application layer protocols and detect abnormal protocols, and

uses characteristic matching to determine attacks. Only the traffic matching the specific attacking

characteristics of a detected abnormal protocol is considered as an attack. This method greatly improves

inspection preciseness and reduces false positive and false negative rates.

2.

DDoS defense

SecBlade IPS cards can provide Distributed Denial of Service (DDoS) defense in various network

environments by performing deep analysis of DDoS attacks (including SYN flood, RST flood, ACK flood,
UDP flood, ICMP flood, Connection flood, CPS flood, DNS query flood and HTTP get flood), and using

advanced defense algorithms.

3.

AV function

SecBlade IPS cards are integrated with the KasperSky anti-virus engine and virus definitions. The engine

adopts advanced anti-virus technologies such as the second generation heuristic code analysis method,

iChecker real-time monitoring and unique script virus interception, and can scan and kill viruses of

various types, such as file type, network type and mixed type. In addition, it incorporates the next

generation virtual machine unpack engine and behavior estimation technologies to kill derived viruses
and unknown viruses accurately.

4.

URL filtering

SecBlade IPS cards provide the URL filtering function, which allows you to define URL filtering rules that

support regular expression to filter specific web pages.

5.

Application based bandwidth control

Based on protocol identification, which can identify more than 1000 protocols, SecBlade IPS cards can

perform flexible bandwidth control to ensure bandwidth for critical applications by limiting non-critical

applications from using bandwidth.

6.

Various actions

SecBlade IPS cards provide various actions to be taken on detected abnormal traffic, including stop,

restrict, TCP reset, get original packets, redirect, isolate, report syslogs, and record local logs. You can

combine actions as needed, and SecBlade IPS cards also provide some commonly used action
combinations.

7.

Unified management and policy assignment