Arbor Networks Pravail APS 2003
Contents
1. Environmental Temperature operating 50 to 95 F 10 to 35 C Temperature non operating 40 to 158 F 40 to 70 C Humidity non operating 95 Operating humidity 5 85 Non condensing at temperatures 73 to 104 F 23 to 40 C Operating System Our proprietary embedded ArbOS operating system Management SNMP gets v1 v2c SNMP traps v1 v2c v3 CLI Web Ul HTTPS SSH customizable role based management Management Interfaces 2 x 10 100 1000 BaseT Copper RJ 45 serial console port Authentication On device RADIUS TACACS Availability Inline bypass dual power supplies solid state hard drive RAID cluster MTBF 44K Hrs Regulatory Compliance e Complies with RoHS Directive 2002 95 EC Common Criteria Certified EAL 2 2100 series appliances version 5 4 Web Based GUI Supports multi language translated user interfaces Supported Browsers Firefox ESR 24 Firefox 24 Google Chrome 29 Internet Explorer 9 Internet Explorer 10 Safari 6 MANAGEMENT AND SECURITY Simultaneous Connections Not applicable Pravail Availability Protection System does not track connections Protected Endpoints Unlimited Latency Less than 80 microseconds User Configured Protection Groups 50 Reporting and Forensics Real time and historic traffic reporting extensive drill down by protection group and blocked host including total traffic passe2. afi hich was not looked or protection group Mil Way Inc exceeded tne confgured imit The botnet rafte level was 3 0 PM 10 22712 The Pravail Availability Protection Blocked Trai Blocked trati for protection group Mikey Ine exceeded tne contgured Imit The blocked taife level was 28 MBS and 399 py 10722112 System features an easy to navigate easy to manage Web GUI The opening summary page provides an overview of what types of attacks the Pravail Availability Protection System is seeing Top Protection Groups Cloud Signaling amp amp First Line of Defense for Enterprise Multi Layer DDoS Protection Availability attacks come in many forms including low bandwidth attacks aimed at the application layer and or high volume flood attacks Some low bandwidth attacks can cripple the enterprise but still fly under the rader of most provider based in cloud DDoS solutions Flood attacks can saturate Internet links to the data center and are best mitigated within the provider network To adequately address multiple types of attacks enterprises need a comprehensive DDoS solution with both provider based and on premise protection For enterprises battling complex DDoS attacks the Pravail Availability Protection System provides the on premise protection that serves as an enterprise s first line of defense It offers proactive monitoring and blocking against e Application layer DDoS attacks e State exhausting
3. and automatic ATLAS intelligence feeds contribute to low manage ment overhead without sacrificing protection on premises Michael Suby Stratecast Vice President of Research ARBOR Pravail APS 2100 The Pravail Availability Protection System appliance All models utilize the same 2U rack height form factor The appliance is managed and customizable through a Web based GUI ARBOR NETWORKS Corporate Headquarters 76 Blanchard Road Burlington MA 01803 USA Toll Free USA 1 866 212 7267 T 1 781 362 4300 North America Sales Toll Free 1 855 773 9200 Europe T 44 207 127 8147 Asia Pacific T 65 68096226 www arbornetworks com 2014 Arbor Networks Inc All rights reserved Arbor Networks the Arbor Networks logo Peakflow ArbOS Pravail Cloud Signaling Arbor Cloud ATLAS We see things others can t and Arbor Networks Smart Available Secure are all trademarks of Arbor Networks Inc All other brands may be the trademarks of their respective owners DS PRAVAIL5 5 EN 0714 LETTER System Specifications Features Description HARDWARE Physical Dimensions Chassis 2U rack height Height 3 45 inches 8 67 cm Width 17 4 inches 43 53 cm Depth 24 inches 61 cm Weight 41 Ibs 18 5 kg Power Options 2 x AC or 2 x DC redundant hot swappable power supplies 600W max continuous output PMB bus support Hard Drives 2 SSD in RAID 1 2 x 120 GB drives
4. attacks e Volumetric attacks up to link capacity Pravail Availability Protection System customers can enhance their overall protection by using Cloud Signaling With this service organizations can automatically alert upstream service providers when larger attacks threaten availability With Cloud Signaling users can enable cloud mitigation of DDoS attacks down to individual protection groups Can You Afford to Ignore Availability Threats Like DDoS When Internet tacing services are down the impact can have severe business consequences Consider the following Direct Loss of Revenue and Profit This is arguably the largest cost and easiest to calculate measure of downtime For example if an online retailer that makes 40 percent of its revenue in the last two weeks of the year suffers an outage two days before Christmas the financial impact can be devastating Attacks can continue for days even weeks Tarnished Reputation or Brand News travels fast in today s age of information especially when it comes to news regarding service outages or security breaches This negative media coverage could have a major impact on an organization s reputation or brand value Lower Productivity When online services go down the productivity of employees and busi nesses that rely on these services can be drastically reduced A simple calculation shows the impact cost of lost productivity number of employees using the applicati
5. y 0 Ae ee Arbor Leadership Proven and Trusted The vast majority of the world s leading service providers rely on Arbor Networks for DDoS defense If your network service provider offers DDoS defense it is likely using Arbor products Groundbreaking Research Arbor security researchers have a real time view of over 90 Tbps of global Internet traffic This unmatched access to emerging threats enables the Arbor Security Engineering amp Response Team ASERT to develop timely automatic updates to the Pravail Availability Protection System Cloud Signaling Coalition This innovative approach to DDoS defense delivers coordinated cloud and perimeter based protection to the enterprise Providers around the world are rapidly joining the coalition Availability Protection The Pravail Availability Protection System from Arbor uses stateless attack detec tion and filtering This allows Pravail Availability Protection System to remain functional during low volume attacks that are designed to overwhelm and cripple stateful devices such as IPS or firewalls ARBOR NETWORKS Arbor Data Sheet Pravail Availability Protection System Simplitied proven protection for enterprises and data centers Distributed denial of service DDoS attacks present one of today s biggest IT threats for enterprises With the rise of hacktivism cyber terrorism and Internet crime DDoS attacks are growing in size frequency
6. 5 Unknown 4 34 GB 9 65 Mbps 3 25 M packets 903 15 pps We b D oma in sor To p S erv j ces SSL Inspection Many organizations rely on Secure Socket Layer SSL encryption for transmitting data securely Unfortunately attackers can also encrypt their attacks so the Pravail Availability Protection System must also inspect encrypted traffic for threats Using an off box SSL decryption device the Pravail Availability Protection System can inspect data that has been previously encrypted to identify embedded attacks and help block those threats from harm ing the network Once the traffic has been inspected clean encrypted traffic is transmitted to the intended destination Automated and Advanced DDoS Protection Because the cost of downtime is extremely high for many organizations the Pravail Availability Protection System is designed to automatically detect and prevent DDoS attacks with little or no user interaction before services are degraded It also offers simple fallback plans and resolution techniques when attacks cannot be readily identified Moreover the Pravail Availability Protection System can recognize legitimate CDN traffic and will not accidentally block it ATLAS Intelligence Feed Arbor enjoys a close and privileged relationship with leading ISPs around the world Through its extensive network of sensors and data feeds Arbor has real time visibility into over 80 of global Internet traffic This gives Arbor unmatche
7. and sophistication In fact DDoS attacks are increasingly being used as part of the advanced threat landscape In Arbor Networks 9 Annual Worldwide Infrastructure Security Report respondents reported seeing more complex attacks such as botnets or malware in conjunction with DDoS The Pravail portfolio of solutions from Arbor Networks tackles these advanced threats head on by giving organizations an enterprise wide view of all network activities critical attack details for fast remediation and expert level blocking all backed by world class security research With the Pravail Availability Protection System Arbor provides organizations with proven carrier grade DDoS defense technology in a platform designed specitically for enterprise needs The Pravail Availability Protection System helps protect business continuity and avail ability from the growing constellation of application level threats It provides the world s most advanced and sophisticated attack detection and mitigation technology in an easy to deploy appliance designed to automatically neutralize attacks before they impact critical services View a comprehensive snapshot of the system s activities during the last hour Active Alerts Name Description Start Time Total Traffic Traffic for protection group Snickers Ltd exceeded the configured limit The traffic level was 1 2 Mbps and 6 23 Gbps 3 08 PM 10 22 12 trai Bomet atack Botnet
8. d blocked top destination URLs services domains attack types blocked sources top sources by IP location Packet visibility in real time DDoS Protection TCP UDP HTTP S flood attacks botnet protection hacktivist protection host behavioral protection anti spoofing configurable flow expression filtering payload expression based filtering permanent and dynamic blacklists whitelists traffic shaping multiple protections for HTTP DNS and SIP TCP connection limiting fragmentation attacks connection attacks Maximum DDoS Flood Prevention Rate 2000 series Up to 3M pps 2100 series Up to 11 4M pps Modes Inline active inline inactive reporting no blocking SPAN port monitor Real Time Updates ATLAS Intelligence Feed AIF Signature database for over hundreds of families of malware e g slowloris LOIC YoyoDDOS BlackEnergy etc IP location data also updated in real time Notifications SNMP trap syslog email Cloud Signaling Yes collaborative DDoS attack mitigation with service providers Hardware Options 2000 Series Features 2002 2003 Memory 24GB 24GB Inspected Throughput Up to 500 Mbps Up to 1 Gbps HTTP s Connections per Second 111K at recommended protection level 186K filter list only protection Processor Single Intel Xeon CPU 2 40GHz Protection Interface Options e 8 x 10 100 1000 BaseT Copper e 8 x GE SX or 8 x LX Fiber Traf
9. d insight into emerging threats intormation that is used to develop effective countermeasures against the latest attacks ATLAS Intelligence Feed is an update service that automatically provisions the Pravail Availability Protection System appliances with the latest defenses to new threats and updates IP location data all in real time Advanced Web Crawler Service The Pravail Availability Protection System delivers superior availability protection without impacting a Web site s page ranking and search engine results ASERT maintains policies in the ATLAS Intelligence Feed that allow specific Web crawlers to access your site but blocks those that are malicious or irrelevant Visibility Control and Alerting The Pravail Availability Protection System is not a black box While it delivers automated protection from DDoS the Pravail Availability Protection System also provides real time visibility into attacks blocked hosts and even packets It offers the flexibility operators need to alter attack countermeasures and thresholds if required It includes active alerting that notifies security engineers of ongoing attacks that are blocked as well as other network events that may require their attention Real Time and Historical Attack Forensics and Reporting The Pravail Availability Protection System offers detailed attack reports in real time so operators can visually understand the actions taken by the appliance Besides documenting the
10. ed Protection Recommendations with Immediate Out of the Box Blocking The Pravail Availability Protection System features a simple user interface that makes it easy to install configure and use Upon installation the device will immediately begin block ing most attacks from causing harm to the network However it also features an optional calibration period where the product will record and analyze traffic patterns unique to the organization and recommend customized protection settings for that network and its specific applications During this calibration the network remains protected from most threats Top Services bps E TCP 443 HTTPS I TCP 25 SMTP Mon Nov 5 201 200M E TCP 44400 44599 E TCP 30 HTTP 100M E TCP 45200 45399 E UDP 4800 4999 aia E UDP 45000 45199 1835 1935 19 19 19 1905 1910 1915 1920 1923 19 195 iE TCP 22 SSH E TCP 29400 29599 E TCP 57400 57599 Key Graph Service Bytes bps Packets pps The Pravail Availability Protection oO cael TCP 443 HTTPS 16 78 GB 37 29 Mbps 30 74 M packets B54kops S ste m pro vides detailed re po rts n Oo TCP 25 SMTP 153868 34 18 Mbps 47 41 M packets 4 83 pps on attack traffic and allows users i Meader d TCP 44528 Unknown 9 84 GB 21 87 Mbps 6 58 M packets 1 83 kpps to easily enable different ale ck protections based on a variety cess TCP 80 HTTP 9 00 GB 19 99 Mbps 105 00 M packets 29 17 kpps x Pi of factors including IP Location Ci weed TCP 4525
11. fic Bypass Options e Integrated hardware bypass e Internal software bypass to pass traffic without inspection 2100 Series Features 2104 2105 2107 2108 Memory 24 GB 24 GB 24 GB 24 GB Inspected Throughput Up to 2 Gbps Up to 4 Gbps Up to 8 Gbps Up to 10 Gbps HTTP s Connections per Second 368K at recommended protection level 613K filter list only protection Processor 2 Intel Xeon CPU Protection Interface Options e 12 x 10 100 1000 BaseT Copper e 4 x 10 100 1000 BaseT Copper 4 x GE SX Fiber 4 x GE LX Fiber e 12 x GE SX Fiber e 12 x GE LX Fiber e 4x 10GE SR Fiber 4x 10GELR Fiber Bypass Options e Integrated hardware bypass e Internal software bypass to pass traffic without inspection
12. haust critical resources such as link capacity session capacity application service capacity e g HTTP S DNS or back end databases Because such traffic is authorized and does not contain the signature content of known malware it is not stopped by firewalls and IPS In fact as inline stateful inspection devices firewalls and IPS can be frequent victims of DDoS attacks Key Technologies Why Firewall and IPS Devices Do Not Solve the Problem Vulnerable to DDoS e As inline stateful devices they are vulnerable targets of DDoS attacks Attacks e First to be affected by large flood or connection attacks Failure to Ensure e Built to protect against known versus emerging threats Availability e Designed to look for threats within single sessions not across sessions Protection Limited e Address only specific application threats to Certain Attacks e By default they must allow common attack traffic such as TCP port 80 HTTP or UDP port 53 DNS Do not handle attacks containing valid requests Deployed in Wrong e Very close to servers Location e Too close to protect upstream router Incompatible with e Fail to interoperate with cloud based DDoS prevention solutions Cloud Based DDoS e Increase time for response to DDoS attacks Protection Systems Lack of DDoS e Require skilled security experts Expertise e Demand knowledge of attack types before attacks Stateless Analysis Filtering Engine Arbor
13. on x average hourly salary x hours of downtime Penalties Some organizations may face financial penalties if they fail to meet certain availability requirements For example a company that provides a service that is part of a complex supply chain could face stiff penalties for any delays that it Causes Organizations must consider availability threats when developing risk mitigation plans To better understand the direct and indirect costs associated with availability attacks please refer to the Arbor white paper entitled The Business Value of DDoS Protection Arbor also provides another alternative for enhanced DDoS attacks with the Arbor Cloud Using Pravail Availability Protection System as the on premise protection the Arbor Cloud service provides an on demand traffic scrubbing service staffed by Arbors DDoS security experts to quickly defend against volumetric DDoS attacks that are too large to be mitigated on premise Traditional Perimeter Security Solutions Cannot Defend Against DDoS Traditional perimeter security devices such as firewalls and intrusion prevention systems IPS are essential elements of a layered defense strategy but are not designed to solve the DDoS problem Firewalls enforce policies that govern access to data center resources and IPS devices block threats that can exploit known vulnerabilities DDoS is a different problem DDoS attacks consist of legitimate traffic from multiple sources crafted to ex
14. s stateless packet filtering engine provides the foundation for both the Pravail Availability Protection System Unlike load balancers IPS or firewalls this unique packet filtering technology detects and mitigates most DDoS attacks without tracking any ses sion state In cases where tracking is required it only stores minimal information for a short period of time Because it is not stateful the Pravail Availability Protection System can with stand DDoS attacks that target session tables and knock other security appliances offline Further the filtering engine incorporates advanced packet based DDoS countermeasures developed by the Arbor Security Engineering and Response Team ASERT to neutralize multiple categories of advanced threats Centralized Multi Device Management via Pravail Network Security Intelligence The Pravail Threat Console available on Pravail Network Security Intelligence appliances gives organizations a single dashboard to view and manage up to 25 Pravail Availability Protection System devices The Console provides full traffic visibility for each appliance and protection group as well as a central log for all blocked threats In addition administrators have a single console where they can monitor security events and system status manage black and white lists and respond to attacks with easy workflows on the console and single sign on to drill down into individual systems for more detail such as packet captures Customiz
15. se actions in audit logs it provides forensic reports detailing blocked hosts origin countries of attacks and historical trends These easy to understand reports can be given to peers or management to educate them on the threats to service availability and the steps taken to address the attacks Advanced DDoS Defense Gain protection against e Spoofed Non spootfed DoS Attacks e TCP SYN etc ICMP UDP Floods e Botnets e Blackenergy Darkness YoYoDDOo8 etc e Common DoS DDoS Tools e Slowloris Pyloris Pucodex Sockstress Apachekiller e Voluntary Botnets Anonymous etc e HOIC LOIC etc e Application Attacks HTTP URL GET POST Floods e Malformed HTTP Header Attacks e Slow HTTP Request Attacks e SYN Floods Against SSL Protocols e Malformed SSL Attacks e SSL Renegotiation Attacks e SSL Exhaustion Single Source Distributed Source e DNS Cache Poisoning Attacks e DNS Request Floods SIP Request Floods e Custom Attacks Unique to Your Service e Location based IP Addresses The Pravail Availability Protection System also allows user configured custom protection During recent elections our networks were under constant attack We deployed the Pravail Availability Protection System in advance of the elections as a precaution and the attacks were not successful Rene Miranda CIO IFE The Pravail Availability Protection System s ease of use out of box protection readiness
Download Pdf Manuals
Related Search