Juniper Networks IDP800 Intrusion Detection and Prevention Appliance
Protects against network and application-level attacks
| Juniper Networks Products | ||
|---|---|---|
| IDP Series Appliances | ||
| Juniper Networks IDP800 Intrusion Detection and Prevention Appliance - Consists of 2 AC-PS, 2 HDD and 2 GE ports builtin + 2 empty slots for IO cards (Select 4 port GE copper or fiber) |
#IDP800 List Price: $34,000.00 |
|
More pricing below, click here
IDP800 Overview:
Juniper Networks IDP800 Intrusion Detection and Prevention Appliances offer continual intrusion detection security management coverage to the networks and network applications of mid-size and large enterprises and service providers.
With the growing number of applications allowed in from the Internet and the increased exposure to sophisticated network attacks, it’s ever more important for companies to safeguard their networks. Evasive methods of delivering exploits continue to increase and the problem is further compounded by the growing number of application and OS vulnerabilities, as well as the increasing speed with which new attacks are created to exploit these vulnerabilities. Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer the latest capabilities in in-line network intrusion prevention system (IPS) functionality to manage the use of unwanted applications and protect the network from a wide range of attacks delivered by those allowed applications. IDP Series appliances deliver comprehensive threat coverage and industry-leading response time for maximum protection of network resources.
Juniper Networks® IDP Series Intrusion Detection and Prevention Appliances provide comprehensive management of unwanted applications and easy-to-use in-line protection that stops network- and application-level attacks before they inflict any damage, minimizing the time and costs associated with maintaining a secure network. Using industry-recognized stateful detection and prevention techniques, the IDP Series provides zero-day protection against worms, trojans, spyware, key loggers, and other malware from penetrating the network or spreading from already infected users.
IDP Series Intrusion Detection and Prevention Appliances not only help protect networks against attacks, they provide information on rogue servers, as well as types and versions of applications and operating systems that may have unknowingly been added to the network. Application signatures, available on the IDP Series, go a step further by enabling accurate detection and reporting of volume used by applications such as social networking, peer-to-peer, or instant messaging. Armed with the knowledge of specific applications running in the network, administrators can use application policy enforcement rules to easily manage these applications by limiting bandwidth, restricting their use, or prioritizing them lower with DiffServ marking. Not only can administrators control the access of specific applications, they can ensure that business-critical applications receive a predictable quality of service (QoS) while enforcing security policies to maintain compliance with corporate application usage policies.
Collaborative projects are commonplace in today’s workplace. Making sure that security policies are easily enforced requires knowledge of how those collaborative user groups are formed. The IDP Series works in harmony with Juniper Networks Unified Access Control infrastructure to enforce application and security policies based on user-role information learned from the IC Series Unified Access Control Appliances. The IC Series interacts with companies’ Active Directory (AD) or LDAP servers to assign users to roles and provides host information upon which the IDP Series can act. This extends the application policy enforcement (APE) and IPS rules for management of applications and more control over threats.
Juniper Networks IDP250 and IDP800 Intrusion Detection and Prevention Appliances offer market-leading IPS capabilities for mid-size and large enterprises as well as service providers. Supporting various high availability (HA) options, the IDP250 and IDP800 offer continual security coverage for enterprise and service provider networks.
IDP Series Intrusion Detection and Prevention Appliances are managed by Juniper Networks Network and Security Manager, a centralized, rule-based management solution offering granular control over the system’s behavior. NSM also provides easy access to extensive logging, fully customizable reporting, and management of all Juniper Networks firewall/VPN/IDP Series appliances from a single user interface. With the combination of highest security coverage, granular network control, and visibility and centralized management, the IDP Series is the best solution to keep critical information assets safe.
Features & Benefits:
IDP Series Capabilities
Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer several unique features that assure the highest level of network security.
| Features | Features Description | Benefits |
|---|---|---|
| Application awareness/identification | This includes use context, protocol information, and signatures to identify applications on any port. | Enable rules and policies based on application traffic rather than ports—protect or police standard applications on non-standard ports. |
| Protocol decodes | More than 60 protocol decodes are supported along with more than 500 contexts to enforce proper usage of protocols. | Accuracy of signatures is improved through precise context of protocols. |
| Predefined and custom signatures1 | More than 6,200 predefined signatures are included for identifying anomalies, attacks, spyware, and applications. Customization of signatures to personalize the attack database is allowed. | Attacks are accurately identified and attempts at exploiting a known vulnerability are detected. Customers fine-tune the attack database specific to their environment to avoid false-positives. |
| Traffic interpretation | Reassembly, normalization, and protocol decoding are provided. | Overcome attempts to bypass other IDP Series detections by using obfuscation methods. |
| Application Volume Tracking (AVT) | This tracks and collects volumetric application usage information. | This aids in proper creation of application policies based on observed network bandwidth consumption by application. |
| Zero-day protection | Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. | Your network is already protected against any new exploits. |
| Recommended policy | Group of attack signatures are identified by Juniper Networks Security Team as critical for the typical enterprise to protect against. | Installation and maintenance are simplified while ensuring the highest network security. |
1As of June 2009, there are 6,200 signatures available with daily updates provided.
Traffic Detection Methods
The IDP Series offers a combination of eight different detection methods to accurately identify the traffic flowing through the network. By providing the highest flexibility, the various detection methods also minimize false positives.
| Features | Features Description | Benefits |
|---|---|---|
| Stateful signature detection | Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. | Minimize false positives. |
| Protocol anomaly detection | Protocol usage against published RFCs is verified to detect any violations or abuse. | Proactively protect network from undiscovered vulnerabilities. |
| Backdoor detection | Heuristic-based anomalous traffic patterns and packet analysis detect trojans and rootkits. | Prevent proliferation of malware in case other security measures have been compromised. |
| Traffic anomaly detection | Heuristic rules detect unexpected traffic patterns that may suggest reconnaissance or attacks. | Proactively prevent reconnaissance activities or block distributed denial of service (DDoS) attacks. |
| IP spoofing detection | The validity of allowed addresses inside and outside the network is checked. | Permit only authentic traffic while blocking disguised source. |
| Denial of service (DoS) detection | SYN cookie-based protection from SYN flood attacks is provided. | Protect your key network assets from being overwhelmed with SYN floods. |
| Layer 2 detection | Layer 2 attacks are detected using implied rules for Address Resolution Protocol (ARP) table restrictions, fragment handling, connection timeouts, and byte/length thresholds for packets. | Prevent compromised host from polluting an internal network using methods such as ARP cache poisoning. |
| Network honeypot | Open ports are impersonated with fake resources to track reconnaissance activities. | Gain insight into real-world network threats and proactively defend your network before a critical asset can be attacked. |
Granular Traffic Control
To support a wide range of business requirements, the IDP Series offers granular visibility and control over the flow of traffic in the network. Customers can interact with the IDP Series appliances using an application focus, threat prevention focus, or both by utilizing the application enforcement policy rules and IPS policy rules, respectively.
| Features | Features Description | Benefits |
|---|---|---|
| Application policy enforcement | A rule base is dedicated to managing unwanted applications using any number of actions. | Easily mange the applications allowed into the network while maintaining threats at bay. |
| Active traffic responses | Various response methods are supported including drop packet, drop connection, close client, close server, and close client/server. | Provide appropriate level of response to attacks. |
| Application rate limiting | This defines the amount of bandwidth allowed for an individual or group of applications by direction (client-to-server and server-to-client). | Preserve network resources by controlling the amount of bandwidth consumed by applications allowed into the network. |
| QoS/DiffServ marking | Packets are marked using DiffServ code point (DSCP). | Optimize network and ensure necessary bandwidth for business-critical applications. |
| Passive traffic responses | Several passive responses such as logging and TCP reset are supported. | Gain visibility into current threats on the network with the ability to preempt possible attacks. |
| Recommended actions | Juniper Networks Security Team provides recommendations on appropriate action for each attack object. | Ease of maintenance is provided. Administrators no longer need to research or be aware of appropriate response to each and every threat. |
| IPAction | Disable access at granular level is provided, ranging from specific host down to particular traffic flow for configurable duration of time. | Thwart attempts to launch DDoS attacks detected through traffic anomaly, DoS detection, or network honeypot. |
| VLAN-aware rules | Unique policies are applied to different VLANs. | Apply unique policies based on department, customer, and compliance requirements. |
| MPLS traffic inspection | Network traffic encapsulated in MPLS labels is inspected. | The number of IDP Series sensors is reduced. |
Centralized Management
Centralized management of IDP Series appliances and firewall products is enabled through Network and Security Manager. NSM has tight integration across multiple platforms that enables simple and intuitive network-wide security management.
| Features | Features Description | Benefits |
|---|---|---|
| Role-based administration | More than 100 different activities can be assigned as unique permissions for different administrators. | Streamline business operations by logically separating and enforcing roles of various administrators. |
| Scheduled security update | Automatically update IDP Series appliances with new attack objects/signatures. | Up-to-the-minute security coverage is provided without manual intervention. |
| Domains | Enable logical separation of devices, policies, reports, and other management activities. | Conform to business operations by grouping of devices based on business practices. |
| Object locking | Enable safe concurrent modification to the management settings. | Avoid incorrect configuration due to overwritten management settings. |
| Scheduled database backup | Automatic backup of NSM database is provided. | Provide configuration redundancy. |
| Job manager | View pending and completed jobs. | Simplify update of multiple tasks and IDP Series appliances. |
Logging, Reporting and Notification
The combination of IDP Series appliances and NSM offers extensive logging and reporting capabilities.
| Features | Features Description | Benefits |
|---|---|---|
| IDP reporter | Preconfigured real-time reporting capability is available in each IDP Series appliance. | Provides detailed real-time reports from each IDP Series appliance installed in the network without taxing the central IT organization. |
| Profiler | Captures accurate and granular detail of the traffic pattern over a specific span of time. | Provides details on what threats are encountered by the network, as well as the mix of various application traffic. |
| Security explorer | Interactive and dynamic touch graph provides comprehensive network and application-layer views. | Greatly simplify the understanding of the network traffic as well as details of attacks. |
| Application profiler | Works with application volume tracking feature to display application usage and create application policy enforcement rules. | Quickly identify and control which applications are running on the network by simple log-to-rule creation step. |
Technical Specifications:
Front View
Rear View
| Model: | IDP75 | IDP250 | IDP800 | IDP8200 |
|---|---|---|---|---|
 |
 |
 |
 |
|
| Dimensions and Power | ||||
| Dimensions (W x H x D) |
17 x 1.69 x 15 in (43.2 x 4.3 x 38.1 cm) |
17 x 1.69 x 15 in (43.2 x 4.3 x 38.1 cm) |
17 x 3.4 x 19 in (43.2 x 8.6 x 48.3 cm) |
17 x 3.4 x 19 in (43.2 x 8.6 x 48.3 cm) |
| Weight | 15 lb | 16.5 lb | 27 lb | 41 lb |
| A/C power supply | 100 - 240 VAC, 50 - 60 Hz 4.0 - 2.0 A Max 200 W |
100 - 240 VAC, 50 - 60 Hz 5.0 - 1.5 A Cold swappable, max 300 W |
100 - 240 VAC, 50 - 60 Hz 6.0 - 2.0 A Hot swappable, dual redundant, max 400 W |
100 - 240 VAC, 50 - 60 Hz 10.0 - 4.0 A Hot swappable, dual redundant, max 700 W |
| D/C power supply | N/A | N/A | (Optional) 36 - 75 VDC, 24 - 11 A Hot swappable, dual Redundant, 710 W max |
(Optional) 36 - 75 VDC, 24 - 11 A Hot swappable, dual Redundant, 710 W max |
| Mean Time Between Failures (MTBF) | 75,000 hrs | 73,000 hrs | 108,000 hrs | 73,000 hrs |
| Memory | 1 GB | 2 GB | 4 GB | 16 GB |
| Hard drive | 80 GB | 80 GB | 2 x 74 GB Redundant RAID 1 array | 2 x 74 GB Redundant RAID 1 array |
| Ports | IDP75 | IDP250 | IDP800 | IDP8200 |
| Fixed I/O | Two RJ-45 Ethernet 10/100/1000 with bypass | Eight RJ-45 Ethernet 10/100/1000 with bypass | Two RJ-45 Ethernet 10/100/1000 with bypass | N/A |
| Modular I/O slots | 0 | 0 | 2 | 4 |
| Modular I/O cards | N/A | N/A | • 4-port Gigabit Ethernet copper with bypass • 4-port Gigabit Ethernet fiber SFP • 4-port Gigabit Ethernet SX-bypass |
• 4-port Gigabit Ethernet copper with bypass • 4-port Gigabit Ethernet fiber SFP • 4-port Gigabit Ethernet SX-byPass • 2-port 10 Gigabit Ethernet w/o bypass 2-port 10 Gigabit Ethernet SR-bypass |
| Management | One RJ-45 Ethernet 10/100/1000 | One RJ-45 Ethernet 10/100/1000 | One RJ-45 Ethernet 10/100/1000 | One RJ-45 Ethernet 10/100/1000 |
| High Availability (HA) | N/A | One RJ-45 Ethernet 10/100/1000 | One RJ-45 Ethernet 10/100/1000 | One RJ-45 Ethernet 10/100/1000 |
| Performance | IDP75 | IDP250 | IDP800 | IDP8200 |
| Max session | 100,000 | 300,000 | 1 Million | 5 Million |
| Throughput | 150 Mbps | 300 Mbps | 1 Gbps | 10 Gbps |
| Redundancy | IDP75 | IDP250 | IDP800 | IDP8200 |
| Redundant power | No | No | Yes | Yes |
| DC | No | No | Yes | Yes |
| RAID | No | No | Yes | Yes |
| Built-in bypass | Yes | Yes | Yes | Yes |
| Environment | IDP75 | IDP250 | IDP800 | IDP8200 |
| Operating temperature | 41° to 104° F (5° to 40° C) |
41° to 104° F (5° to 40° C) |
41° to 104° F (5° to 40° C) |
41° to 104° F (5° to 40° C) |
| Storage temperature | -40° to 158° F (-40° to 70° C) |
-40° to 158° F (-40° to 70° C) |
-40° to 158° F (-40° to 70° C) |
-40° to 158° F (-40° to 70° C) |
| Relative humidity (operating) | 8% to 90% noncondensing | 8% to 90% noncondensing | 8% to 90% noncondensing | 8% to 90% noncondensing |
| Relative humidity (storage) | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing |
| Altitude (operating) | 10,000 ft (3,048 m) |
10,000 ft (3,048 m) |
10,000 ft (3,048 m) |
10,000 ft (3,048 m) |
| Altitude (storage) | 40,000 ft (12,192 m) |
40,000 ft (12,192 m) |
40,000 ft (12,192 m) |
40,000 ft (12,192 m) |
IDP Series Comparison Matrix:
| Model: | IDP75 | IDP250 | IDP800 | IDP8200 |
|---|---|---|---|---|
|
|
|
|
|
| Maximum Throughput | 150 Mbps | 300 Mbps | 1 Gbps | 10 Gbps |
| Maximum Number of Sessions | 100,000 | 300,000 | 1,000,000 | 5,000,000 |
| Operational Modes | Sniffer, Transparent, and Mixed | Sniffer, Transparent, and Mixed | Sniffer, Transparent, and Mixed | Sniffer, Transparent, and Mixed |
| Detection Mechanisms | 8 including Stateful Signatures and backdoor detection | 8 including Stateful Signatures and backdoor detection | 8 including Stateful Signatures and backdoor detection | 8 including Stateful Signatures and backdoor detection |
| Signature Updates | Daily and emergency | Daily and emergency | Daily and emergency | Daily and emergency |
| Number of Traffic Interfaces | Two RJ-45 Ethernet 10/100/1000 with bypass | 8 RJ-45 Ethernet 10/100/1000 with bypass | 2 RJ-45 Ethernet 10/100/1000 with bypass | Any Combination of four Module I/O cards: • 4-port GE Copper with bypass • 4-port GE fiber SFP • 4-port GE SX-bypass • 2-port 10 GE SR-bypass |
| High-Availability Support | N/A | Optional Bypass | Optional Bypass | Optional Bypass |
Documentation:
Download the Juniper Networks IDP Series Datasheet (PDF).
| Juniper Networks Products | ||
|---|---|---|
| IDP Series Appliances | ||
| Juniper Networks IDP800 Intrusion Detection and Prevention Appliance - Consists of 2 AC-PS, 2 HDD and 2 GE ports builtin + 2 empty slots for IO cards (Select 4 port GE copper or fiber) |
#IDP800 List Price: $34,000.00 |
|
| Juniper Networks Accessories | ||
| IDP Interfaces | ||
| IDP Interface comes with fixed 10/100/1000 ports | #IDP-1GE-4COP-BYP List Price: $7,500.00 |
|
| IDP 4 port SFP (non-bypass) | #IDP-1GE-4SFP List Price: $6,000.00 |
|
| IDP Interface comes with fixed SX optics | #IDP-1GE-4SX-BYP List Price: $24,900.00 |
|
| Spares | ||
| Spare Installation media for IDP75, IDP250, IDP800 | #IDP-FLASH List Price: $300.00 |
|
| 74GB Hard Disk | #UNIV-74G-HDD List Price: $2,500.00 |
|