Sourcefire 3D System - Page 17

280 pages
Version 5.2 Sourcefire 3D System Installation Guide 17
Introduction to the Sourcefire 3D System
Sourcefire 3D System Components
Chapter 1
Network Traffic Management
The Sourcefire 3D System’s network traffic management features allow Series 3
devices to act as part of your organization’s network infrastructure. You can:
- configure a Layer 2 deployment to perform packet switching between two
  or more network segments
- configure a Layer 3 deployment to route traffic between two or more
  interfaces
- perform network address translation (NAT)
- build secure VPN tunnels from virtual routers on managed devices to
  remote devices or other third-party VPN endpoints
FireSIGHT
FireSIGHT™ is Sourcefire’s discovery and awareness technology that collects
information about hosts, operating systems, applications, users, files, networks,
geolocation information, and vulnerabilities, in order to provide you with a
complete view of your network.
You can use the Defense Center’s web interface to view and analyze data
collected by FireSIGHT. You can also use this data to help you perform access
control and modify intrusion rule states.
Access Control
Access control is a policy-based feature that allows you to specify, inspect, and
log the traffic that traverses your network. As part of access control, the Security
Intelligence feature allows you to blacklist—deny traffic to and from—specific IP
addresses before the traffic is subjected to deeper analysis.
After Security Intelligence filtering occurs, you can define which traffic is
handled by targeted devices and how, from simple IP address matching to complex
scenarios involving different users, applications, ports, and URLs. You can trust,
monitor, or block traffic, or perform further analysis, such as:
- intrusion detection and prevention
- file control
- file tracking and network-based advanced malware protection (AMP)
Intrusion Detection and Prevention
Intrusion detection and prevention is a policy-based feature, integrated into
access control, that allows you to monitor your network traffic for security
violations and, in inline deployments, to block or alter malicious traffic. An
intrusion policy contains a variety of components, including:
- rules that inspect the protocol header values, payload content, and certain
  packet size characteristics
- rule state configuration based on FireSIGHT recommendations