
HUAWEI NIP2000/5000

NIP2100/2200/5100

Product Overview

Huawei Network Intelligent Protection (NIP) systems protect large and medium-sized enterprises, industrial users, and operators from network threats and help them maintain uninterrupted services. Using a modular engine design and multiple advanced detection technologies, the NIP provides virtual patching, web application protection, client application protection, malicious software control, anti-DoS, and application awareness and control functions. Therefore, the NIP guarantees business continuity, data security, and regulatory compliance for these organizations.

Designed with carrier-class reliability and supporting multiple special protocols such as MPLS and VLAN, the Huawei NIP can be flexibly deployed in various scenarios. The NIP supports zero configuration network access mode and automatically intercepts

Proactive and Comprehensive Protection

The NIP effectively prevents potential or unknown threats with multiple advanced detection technologies:

With the intelligent protocol identification technology, the NIP automatically distinguishes applications from protocols without manual setting of protocol ports.

With the multiple reassembly technology on layers 2 to 7 and the protocol restoration technology, the NIP can present payload at the application layer and the file layer clearly and detect attacks, avoiding the interference of evasive technologies.

With the detection technologies based on vulnerability and attack features, the NIP detects and defends against known threats, such as vulnerability exploitation, worms, and Trojans, in real time.

With protocol anomaly detection, traffic anomaly detection, and heuristic detection technologies, the NIP detects attacks caused by unknown vulnerabilities and malicious software.

Virtual patching: Among all intrusion detection technologies used by the NIP, the most important one is the vulnerability-based detection technology. This technology can effectively prevent threats caused by vulnerabilities, such as overflow attack and worm infection. Compared with traditional attack feature-based detection technologies, the vulnerability-based detection technology does not generate false positives and can better tackle attacks using evasion technologies.

Relying on more than 200 senior researchers and global data acquisition and attack discovery capabilities, the Huawei security research team provides customers with the latest security reports and releases patches periodically (weekly) or immediately (when a major vulnerability is identified). These patches are distributed to customers' IPS devices through the cloud security center so that the IPS devices can defend against attacks immediately after the release of the patch.

Advantages

- Comprehensive defense against new threats
  - Defense against the latest malicious software, zero-day attacks, and botnets
  - Defense against application-layer DoS attacks: DNS, HTTP, SIP
  - More than 200 security researchers collecting global threats and upgrading signatures in real time
- Accurate detection and intelligent interception
  - Accurate detection with the vulnerability detection technology
  - Traffic baseline self-learning without threshold configuration errors
  - Automatic interception of attacks on key services without manual intervention
- Easy to use and low TCO
  - Zero configuration network access without parameter modification
  - Centralized security management and real-time security monitoring
  - Visual application traffic
- High availability
  - Carrier-class hardware design, support for temperature monitoring and hot-swap fans and power supplies
  - Support for HA deployment in active-active and active-standby modes
  - Support for hardware bypass

Function Overview

Client protection: With the emergence of Web 2.0 applications, more and more attacks target browsers and popular file formats such as PDF, SWF, JPEG, and Office files. Because of client vulnerabilities, a large number of personal computers are turned into zombies by hackers, and important information such as bank accounts and network passwords is stolen.

The NIP can deeply parse and detect the coded or compressed content based on protocols and file format (for example, in GZIP or UTF format). It automatically skips the part irrelevant to threats in the parsing process. The NIP provides complete protection for browsers and files and high online performance.

Malicious software control: The NIP can defend against Trojans, adware, and malicious software, and intercepts them based on the communication and broadcasting traffic characteristics. This reduces IT cost and prevents intrusion or disclosure of private and proprietary information.

Web application protection: Many enterprises and institutions have migrated applications to the Web service platform. Intrusion into and attacks on the Web server may have a disastrous effect on these organizations. For example, through an SQL injection attack, a hacker may change web pages, obtain the administrator password, and clear the data of the entire website.

The NIP uses an active security mode independent of attack features or mode matching technologies to guarantee implementation of proper application behaviors. With this mode, the NIP can identify good application behaviors and prevent malicious behaviors.

Application awareness and control: The NIP can identify more than 1000 network applications and fully monitor and manage various network behaviors, such as instant messaging (IM), online games, online video, and online stock trading. This enables enterprises to identify and prevent unauthorized network behaviors, better implement security policies, and improve the working efficiency of employees.

With precise bandwidth allocation strategies, the NIP restricts the bandwidth used by unauthorized applications such as P2P, online video, and large file downloading. The NIP reserves sufficient bandwidth for office applications such as OA and ERP, improving the network access speed.

Infrastructure protection

With powerful DDoS attack prevention and the traffic model self-learning capability, the NIP can automatically detect and intercept DoS attacks or traffic surges caused by viruses. As a result, the NIP protects network infrastructure such as routers, switches, VoIP systems, DNS, and Web servers from attacks and ensures continuous availability of key services.

Easy Deployment

The NIP, pre-configured with default mature security policies, supports zero configuration network access. Based on advanced engine technologies and high-quality vulnerability-based signature of the policies, the NIP provides high-precision detection capability and automatically intercepts major and severe threats of services without manual intervention.

The NIP supports in-line deployment in transparent mode and off-line deployment. The network and security administrator can select the working mode for a device because the interfaces of the device can work in in-line or off-line mode without network readjustment.

The NIP detects special network encapsulation data such as MPLS, VLAN trunk, and GRE data, and facilitates flexible deployment.

High Availability

The NIP provides reliability and availability at the highest level when the IPS is deployed in in-line mode. The NIP supports high reliability configuration (active-standby mode and active-active mode), hot-swap redundant power supplies, hot-swap fans, and the electronic hard disk solution. The NIP provides software bypass and hardware bypass functions (fail-open). A module or even the entire IPS can be bypassed when it works abnormally.

Centralized Management and Reports

The NIP can monitor, upgrade, and deliver policies at multiple devices in a centralized manner based on the Web-based management mode or through NIP Manager, the centralized management software.

The NIP provides multiple pre-defined policies to satisfy customers' needs for customized policies.

With rich log statistics and reporting functions, the NIP Manager presents the real-time network status, historical information, attack ranking, and traffic trend in different granularities and dimensions. This keeps users informed of network health status and provides guidance for network hardening and IT activity implementation.

Typical Application

[Figure: typical deployment positions of the NIP relative to the firewalls and the Internet: WAN edge, Internet access point, front end of the server (IDC cluster), and network bypass monitoring (IDS).]

Internet access point

Restricts the traffic of P2P and network video applications to guarantee the bandwidth of normal service.

Restricts the use of IM, game, and stock software to guarantee the working efficiency of employees.

Restricts the use of online storage, Web mail, and IM to prevent internal information of enterprises from being disclosed.

Prevents data loss, damage, or zombie infection caused by network threats to clients on an intranet and the browser.

Network bypass monitoring - IDS

Detects violations of IT policies on the network.

Complies with government's compulsory standards for confidential networks or confidential-associated networks.

Assists the network management system in network maintenance and provides key troubleshooting information.

Helps the organization to obtain certification of standards necessary for company listing and investment invitation.

Front end of the server

Intercepts worms and vulnerability exploits that target services and platforms; prevents data damage, tampering, leak, or zombie infection caused by malicious software.

Protects the servers from DoS/DDoS attacks.

Defends against new attacks on Web applications, such as SQL injection, cross-site scripting, scanning, guessing, and snooping attacks.

Provides IDC value-added service.

WAN edge

Isolates networks logically.

Prevents the intrusion of worms or Trojans from extranets.

Monitors disclosures of intranet information to extranets.

Detects and prevents malicious behaviors such as attack probes from extranets.

Specifications

| Model | NIP2100 | NIP2200 | NIP5100 | NIP5200 |
|---|---|---|---|---|
| Product performance | High-end megabit | Low-end gigabit | Mid-range gigabit | High-end gigabit |

Extension and I/O

| Model | NIP2100 | NIP2200 | NIP5100 | NIP5200 |
|---|---|---|---|---|
| Dedicated management port | 1×GE(RJ45) | 1×GE(RJ45) | 1×GE(RJ45) | 1×GE(RJ45) |
| Fixed interface | 4×GE(RJ45), 4×GE(combo) | 4×GE(RJ45), 4×GE(combo) | 4×GE(RJ45), 4×GE(combo) | 4×GE(RJ45), 4×GE(combo) |
| Extension slot | 2×FIC | 3×FIC | 3×FIC | 3×FIC |

Extension network port: 4×GE(RJ45) BYPASS; 2Line(LC/UPC) BYPASS; 8×GE(RJ45), 8×GE(SFP); 2×XE, 2×XE+8GE

Functions and Features

| Function | Description |
|---|---|
| Server protection | All-round server protection, addressing problems including system and service vulnerability exploits, brute force, SQL injection, and cross site scripting |
| Client protection | Security protection for web browsers and plug-ins (Java and ActiveX). Protection for files with common formats: PDF, Word, Flash, and AVI. Defense against operating system vulnerabilities, detection of infected systems, and detection of spyware and adware |
| Infrastructure protection | Malformed packet attack prevention, special packet control, scanning attack prevention, TCP/UDP flooding attack prevention. Application-layer DDoS attack prevention: HTTP, HTTPS, DNS, SIP, and so on. Traffic model self-learning: setting the threshold of traffic attacks based on normal traffic statistics |
| Network application management | Identification and management of more than 1000 application protocols, covering mainstream application protocols including P2P, IM, online games, stock software, voice application, online video, streaming media, Web mail, mobile terminals, and remote login |
| Alarm response | Real-time alarm, audible alarm, Syslog, SNMP Trap, E-mail, sending short messages, third-party device linkage, IP address isolation, attack packet capturing, and real-time session interception |
| Device management | GUI-based configuration, hierarchical management, permission-based access control, and centralized device management. Periodic upgrade of engine repository, rollback of engine repository, and Intranet upgrade |
| Log and report monitoring | Device status monitoring, event information record backup, log querying and filtering, real-time monitoring of network status, and specialized reports |
| Deployment and availability | Specialized management port: In-line IPS deployment, off-line IDS deployment, and hybrid deployment. Hardware bypass and HA |

Integrated System

| Model | NIP2100 | NIP2200 | NIP5100 | NIP5200 |
|---|---|---|---|---|
| Dimensions (H×W×D) (mm) | 442×560×43.6 | 442×415×130.5 | 442×415×130.5 | 442×415×130.5 |
| Power supply | AC: 100 V to 240 V 50/60 Hz, supporting redundancy | AC: 100 V to 240 V 50/60 Hz, supporting redundancy | AC: 100 V to 240 V 50/60 Hz, supporting redundancy | AC: 100 V to 240 V 50/60 Hz; DC: -48 V to -60 V; supporting redundancy |
| Maximum power | 150 W | 300 W | 300 W | 300 W |
| Operating environment | Temperature: 0°C to 40°C; humidity: 5% to 95%, non-condensing | Temperature: 0°C to 40°C; humidity: 5% to 95%, non-condensing | Temperature: 0°C to 40°C; humidity: 5% to 95%, non-condensing | Temperature: 0°C to 40°C; humidity: 5% to 95%, non-condensing |
| MTBF | 12.67 years | 12.67 years | 12.67 years | 12.67 years |