|
|
Dragon Network Sensor
Powerful network intrusion defense
A sophisticated software and appliance-based network intrusion defense system, the Dragon
Network Sensor identifies misuse and attacks across the network.
Placed at network aggregation points, the Dragon Network Sensor is unmatched in
detecting intrusions via signature, protocol, and anomaly-based techniques. Application-based
event detection detects non-signature-based attacks against commonly targeted applications
including HTTP, RPC and FTP. These multimethod detection techniques, combined with
an extensive, frequently updated signature database and false-positive tuning capabilities,
ensure that no intrusion goes undetected.
When an attack is detected, Dragon Network Sensor employs a variety of Active Response
techniques to block the would-be intruder, including taking action to stop the
sessions and reconfiguring firewall policies or switch and router Access Control Lists.
Dragon Network Sensor offers market-leading deep Forensics capabilities, including
flexible packet capture, complete session reconstruction, and highly configurable Session VCR
(collects all session information for services such as HTTP, FTP, POP and certain IPs or
networks) that is needed to analyze network-based attacks. |
Features & Benefits
Open tunable signatures
- Implementation, modification, and custom creation of signatures to detect the attacks unique to each environment
Multi-interface monitoring
- Combines multiple network interfaces into a single traffic stream, enabling dual-tap—without a switch
IP defragmention and TCP/UDP stream reassembly
- Identifies attackers who attempt to evade an IDS by distributing attacks over multiple packets
Protocol decoding
- Identifies attackers who hide an attack within an application protocol
IDS Denial of Service
- Countermeasures defeat tools such as “stick” and “snort”
Event sniping
- Terminates an attack session via a TCP reset or ICMP unreachable message
Dynamic reconfiguration
- Stops attacks through Checkpoint firewalls and blocks hackers on most commercial switches and routers
Probe prevention
- Defeats or confuses scanning techniques with false responses
Backdoor and rogue server detection
Technical Specifications
| Technical |
| FE100 Dragon Network Sensor Appliance |
Performance rating: 100 Mbps
Architecture: Intel XEON
Memory: 512 MB, 20 GB IDE hard drive
NICs: 2 10/100 copper, 1 10/100/1000 copper
Supports multi-interface monitoring
|
| GE250 Dragon Network Sensor Appliance |
Performance rating: 250 Mbps
Architecture: Dual Intel XEON
Memory: 512 MB, 36 GB SCSI hard drive
NICs: 2 10/100/1000 copper, 1 Gigabit fiber
Supports multi-interface monitoring
|
| GE500 Dragon Network Sensor Appliance |
Performance rating: 500 Mbps
Architecture: Dual Intel XEON
Memory: 1,024 MB, 36 GB SCSI hard drive
NICs: 2 10/100/1000 copper, plus 2 Gigabit fiber or 2 Gigabit
copper NIC configuration
Supports multi-interface monitoring
|
| Physical |
| Form Factor: |
1U rack-mount server chassis for EIA standard 310-D racks |
| Dimensions: |
4.32 cm (1.7") H X 42.9 cm (16.9") W X 58.42 cm (23") D
(FE100 only)
4.32 cm (1.7") H X 42.9 cm (16.9") W X 60.71cm (23.9") D
|
| Front Panel (buttons): |
Power on/off button, system-reset button, ACPI sleep switch
system ID button, and tool-activated NMI switch (FE100 only)
|
| Front Panel (LEDs): |
Power, hard drive activity, network activity (two), and general
system fault |
| Environmental |
| Operating Temperature |
+10° C to +35° C (50° F to 95° F)
+5° C to +35° C (41° F to 95° F) (maximum change not to exceed +10° C) (GE500 only)
|
| Non-operating Temperature |
-40° C to +70° C (-40° F to 158° F) (ambient) |
| Operating Humidity | 95% at 30° C (non-condensing) |
| Power Consumption | Voltage Range: 4.8 Amp at 115V
Voltage Range: 2.9 Amp at 220V
GE500 Only
Voltage Range: 4.96 Amp at 115V
Voltage Range: 2.48 Amp at 220V
|
| Agency and Standards |
| Safety: |
Argentina: IRAM Certificate
Australia/New Zealand: ACA/MED (FE100 only)
Belarus: Bellis Certificate (FE100 only)
Canada: UL 60950 – CSA 60950 (UL and cUL)
China: CNCA (FE100 only), GB4943 (CCC certification)
Europe/CE Mark: EN60950 (complies with 73/23/EEC)
Germany: GS License
International: IEC60950 (CB Report and Certificate)
Nordic Countries: EMKO – TSE (74-SEC) 207/94, (excluding FE100)
Russia: GOST 50377-92
U.S.: UL60950 – CSA 60950 (UL and cUL)
|
| Electromagnetic Compatibility (EMC): |
Australia/New Zealand: AS/NZS 3548 (based on CISPR 22)
Canada: ICES-003
China:GB 9254 and GB 17625 (CCC certification)
Europe/CE Mark: EN55022, EN55024 and
EN61000-3-2;-3-3 (complies with 89/336/EEC)
International: CISPR 22
Japan: VCCI
Korea: RRL, MIC 1997-41 and 1997-42
Russia: GOST 29216-91 and 50628-95
Taiwan: CNS13438 (excluding FE100), BSMI RPC (FE 100 only)
U.S.: FCC, Part 15
|
Ordering Information
| Network Sensor Appliance |
| DSNSA-FE100-TX |
Dragon FE100 Network Sensor Appliance for the small/branch office |
| DSNSA-GE250-TX |
Dragon GE250 Network Sensor Appliance for the regional office, small data center (Copper network interface card) |
| DSNSA-GE250-SX |
Dragon GE250 Network Sensor Appliance for the regional office, small data center (Fiber network interface card) |
| DSNSA-GE500-SX |
Dragon GE500 Network Sensor Appliance for the data center (Fiber network interface card) |
| DSNSA-GE500-TX |
Dragon GE500 Network Sensor Appliance for the data center (Copper gigabit network interface card) |
| Network Sensor Software Licenses |
| DSNSS-E |
Dragon Network Sensor Software for Ethernet Networks (20 Mbps performance) for Linux and Solaris Platforms |
| DSNSS-FE |
Dragon Network Sensor Software for Fast Ethernet Networks (200 Mbps performance) for Linux and Solaris Platforms |
| DSNSS-GE |
Dragon Network Sensor Software for Gigabit Ethernet Networks (1000 Mbps performance) for Linux and Solaris Platforms |
| Sensor/Management Appliances |
| DSISA2-SX |
INS2 Integrated Network Sensor/Server (Fiber network interface card) |
| DSISA2-TX |
INS2 Integrated Network Sensor/Server (Copper network interface card) |
|
