Introduction to Symantec Network Security 7100 Series

Article:TECH112388  |  Created: 2004-01-14  |  Updated: 2005-01-30  |  Article URL http://www.symantec.com/docs/TECH112388
Article Type: Technical Solution

Issue

This document provides an overview of the Symantec Network Security 7100 Series.


Solution



The Symantec Network Security 7100 Series appliance (7100 Series) is used for network intrusion detection and prevention, and is capable of monitoring multiple network segments at multigigabit speeds. It proactively blocks malicious attacks, including application exploits, worms, denial of service attempts, scans and reconnaissance activities, and blended threats such as MS Blaster and SQL Slammer.

Installation
The installation steps, in order, are: physically set up the appliance, perform the initial software configuration of the appliance, install the Network Security console software on a Windows or Linux computer, apply the licensing file, and run LiveUpdate to check for product upgrades.

The 7100 Series supports customized installation and configuration scripts that are suitable for appliance deployments.

Appliances
The Symantec Network Security 7100 Series appliance is available in three models, as follows:
  • The 7120 model provides up to 200 megabits per second (Mbps) of monitoring for up to four 10/100 network segments.
  • The 7160 model provides up to 2 gigabits per second (Gbps) of monitoring for up to eight 10/100/1000 copper network segments.
  • The 7161 model, which is similar to the 7160 model, provides monitoring for up to four 10/100/1000 copper network segments and up to four 1000 Base-SX fiber network segments.

The actual monitoring rate may vary, and depends on system configuration.

Updates
The 7100 Series uses LiveUpdate for updates such as engine updates, signature updates, and appliance patches.

Compatibility with other security programs
The 7100 Series is compatible with Symantec Network Security 4.0, Symantec Network Security Smart Agents, and Symantec Enterprise Security Architecture (SESA) 2.0.

The 7100 Series can use the Symantec Network Security Smart Agents to respond to events from multiple Symantec and third-party host and network security products.


Key features

Scalable
The 7100 Series can support an aggregate network bandwidth from 50 megabits per second (Mbps) to 2 gigabits per second (Gbps) across as many as eight network segments.

In-line mode
The appliance can be deployed in-line as a transparent bridge in order to allow blocking of malicious network traffic.

Predefined and customizable security policies
The 7100 Series provides predefined policies that have blocking enabled for selected events. You can apply these policies directly, or copy them for customization.

One-click blocking
After you apply a prevention policy to an in-line interface pair, you can enable or disable threat blocking with a single mouse click. Threat blocking and threat alerting are based on security policies.

Appliance deployment
The 7100 Series includes support for:
  • Multiple inline pairs.
  • Monitoring both passive and inline segments on the same appliance.
  • Continual network monitoring when appliances are deployed with a primary and backup appliance. The backup appliance takes over when the primary fails.
  • Asymmetric routing environments. This support enables detection of attacks for networks that have asymmetric routing.

Fail-open
The optional Symantec Network Security In-line Bypass unit provides fail-open capability while the appliance is deployed in-line. Fail-open prevents the loss of network connectivity if the appliance has an unexpected failure.

Interface grouping
On the 7100 Series, you can group up to four monitoring interfaces together, allowing the sensor to monitor traffic on the group as a whole. This enhances attack detection on asymmetrically routed networks.

Dedicated reset ports
The 7100 Series provides special network interfaces for sending TCP resets to attackers.

Diagnostic utilities
The 7100 Series supports diagnostic utilities for the appliance.

The Symantec Network Security Management Console
The Symantec Network Security 7100 Series is centrally managed via the Symantec Network Security Management Console, which provides comprehensive configuration and policy management, real-time threat analysis, enterprise reporting, and flexible visualization.

The management console:
  • Allows for encrypted communication between the console and up to 120 Symantec Network Security 7100 Series Appliances
  • Provides the ability to define administrative users and grant them varying levels of access
  • Offers multilevel enterprise reporting from executive summaries to detailed event drill-down reports





Technical Information
The appliance's operating system is a minimal Linux kernel, which supports symmetric multiprocessors (SMP) and hyper-threading.




Legacy ID: 2004041411292353