As an integrated approach to network security in the organization, packetLiner supports security capabilities including:
• Application filtering: Identify and control all applications based on application blacklist tables such as ACLs
• URL filtering: Control web browsing activity based on a URL blacklist database
• Signature-based known threats filtering: Identify all applications, across all ports, all the time, thereby stopping exploits, malware, spying tools and dangerous files
• Defeating DDoS attacks: Ingress filtering to prevent a DDoS flooding attack from overwhelming a machine or network, or rejecting all traffic destined for the target of the DDoS attack
Today, users spend more and more time on their favorite websites or using the latest and greatest web applications. This unfettered web surfing and application use exposes organizations to security and business risks. Stand-alone URL filtering solutions are insufficient control mechanisms because they are easily bypassed with external proxies. Controlling users' application activity therefore requires an integrated approach that implements policies to control both web activity and the applications that are commonly used to bypass traditional security mechanisms.
In addition to subscriber-, service-, and application-aware traffic visibility and control, URL blacklist filtering can be used as a kind of policy-based traffic control for the purpose of network security. Instead of creating policies that are limited to either allowing all or blocking all behavior, using the URL category as a match criterion allows for flexible policies to control employee and network activity. Examples of how URL categories can be used in policies include:
• Control web browsing through customized ACL or blacklists
• Enable bandwidth control for designated service categories by creating traffic control policies for specified
In addition to querying a master URL database in the system manager, the URL database and categories can be customized to account for site-specific traffic patterns.
[ Blocking Hazardous Web Sites ]
Defeating DDoS Attacks
ISPs believe that DDoS attacks against services and applications will cause them the most problems. The size and frequency of these attacks have grown dramatically as attackers take advantage of botnets and other high-speed internet access technologies. What are the main differences between the network level and the application level regarding information security? Network-level attacks concern vulnerabilities at the IP layer, for instance IP spoofing, TTL expiry attacks, packet flooding, and IPsec VPN attacks, whereas application-level attacks concern software vulnerabilities and are designed to exploit service weaknesses in vulnerable backend infrastructures. Application-level attacks therefore usually pinpoint specific applications with smaller, more targeted and stealthy attacks aimed at well-known applications such as HTTP, DNS, VoIP or SMTP. In most cases, the applications that attackers are trying to exploit or target are well known and must be "allowed" through perimeter security devices such as firewalls or IPS devices.
To defeat these types of application-level DDoS attacks, packetLiner provides a three-layered security infrastructure based on real-time subscriber-, service-, and application-aware traffic monitoring; spontaneous alert reporting as the result of abnormal network traffic detection and measurement; and proactive real-time protections to the enforcement points.
Since all DDoS attacks share the common objective of attempting to overwhelm a victim with an abundant amount of traffic that is difficult to detect or filter, the first principle of DDoS defense is to detect such indicative symptoms as fast as possible. For fast DDoS detection, packetLiner has three main capabilities: signature-based detection, anomaly-based detection, and a trace-back mechanism.