IntruGuard IG2000 is IntruGuard’s rugged model useful for data centers. This model has redundant power supplies and redundant hard disks. It supports copper or fiber interfaces. Initial license starts at 4 VIDs and 1 Internet link protection. These can be upgraded to 8 VIDs, 2 Internet links protection as the business grows. Such a license based upgrade ensures that the initial investment is protected for future.
| Feature |
IG2000 |
| Submodels |
- IG2000-4 with 4 VIDs
- IG2000-8 with 8 VIDs
|
| Packet Inspection Technology |
- Granular Packet Inspection
- Stateful Analysis Firewall
- Chip(ASIC, FPGA)
- Continuous, Adaptive rate limiting
|
| Multi-Verification Process |
- Dynamic Filtering
- Active Verification
- Anomaly Recognition
- Protocol Analysis
- Rate Limiting
- White-list, Black-list, Non-tracked subnets
- State Anomaly Recognition
- Stealth Attack filtering
- Dark address scan prevention
- Source Tracking
- Legitimate IP address Matching (for anti-spoofing)
|
| Flood Prevention Schemes |
- SYN Cookie, ACK Cookie, SYN Retransmission
- Connection Limiting
- Aggressive Aging
- Legitimate IP Address Matching
- Source Rate Limiting
- Source Tracking
- Granular Rate-limiting
|
| Packet Inspection Depth |
|
| Layer 3 Floods Handled |
- Protocol Flood (all 256)
- Fragment Flood,
- Source Flood,
- Destination Flood,
- Dark Address Scan
|
| Layer 4 Floods Handled |
- TCP Ports (all 64K),
- UDP Ports (all 64K),
- ICMP Type/Codes (all 64K),.
- Connection Flood,
- SYN Flood,
- Excessive SYNs/Source/Second,
- Excessive Connections Establishment/second,
- Zombie Flood,
- Excessive Connection/Source flood,
- Excessive Connections/Destination flood,
- TCP state violation floods
|
| Layer 7 Floods Handled |
- Opcode Flood
- HTTP URL GET Flood
- User-agent Flood
- Referer Flood
- Cookie Flood
- Host Flood
|
| Realtime diagnostics |
- Top 100 Servers
- Top 100 Tuples
- Top 100 Ports
- Top 100 Currently Denied Sources
- Top 100 Sources
- Top 100 URLs
- Top 100 User-Agents
- Top 100 Referers
- Top 100 Hosts
|
| Visibility, ACLs, Bandwidth Controls |
Yes |
| Traffic and Event Analysis |
Yes |
| Reconnaissance and
Header and State Anomaly Prevention |
Yes |
| No. of Virtual Identifiers |
4, 8 |
| Aggregate Throughput |
2000 Mbps
(1000 Mbps Full Duplex) |
| Simultaneous Connections |
1,000,000 |
| Session Setup/Teardown Rate |
100,000/second |
| SYN Flood Handling capacity |
3M packets/second |
| Latency |
Under 50 microseconds |
| DDoS Attack Mitigation
Response Time |
Under 2 seconds |
| Physical Interfaces |
4×10/100/1000 Mbps Copper, optioal Fiber
(2 can be used for HA or for Forensics)
1×10/100 Mbps Copper for Management |
| Redundancy |
Redundant Power Supplies
Redundant Hard Disks |
| Propgate Link State Change (PLSC)/ Link Down Synchronization |
Yes |
| Chassis |
2-U rack mountable |
| Field Upgradability |
Can be upgraded in field through a license file to support 2000 Mbps (1000 Mbps Full Duplex) and up to 8VIDs |
| Management |
|
| Centralized Event Reporting |
- GUI
- SNMP
- Email/Pager
- Support for MRTG, Cacti
|
| Audit and Access Trails |
- Login trail
- GUI access trail
- Audit trail for configuration changes
|
| Links Protected |
One Internet Link is protected by default. Second link is protected on payment of additional license fees. |
Model
Feature |
IG2000-4 |
IG2000-8 |
| Power Supply |
Redundant |
Redundant |
| Hard Disk |
Redundant |
Redundant |
| Hard Disk Space (GB) |
250 |
250 |
| Interface speed (Mbps) |
1000 |
1000 |
| Interface Type |
Copper
Optional Fiber |
Copper
Optional Fiber |
| Packets per second handling capability under attack |
3 M PPS |
3 M PPS |
| Attack Mitigation Time |
<2 seconds |
<2 seconds |
| VIDs
(Independent policy sets) |
4 |
8 |
| Networks/ VID |
64 |
64 |
| Dark Address Subnets (for blocking continents, countries, subnets) |
64 |
64 |
| Non-tracked Subnets
(For whitelisting networks) |
64 |
64 |
| No. of Sources monitored |
1M |
1M |
| No. of Destinations monitored |
1M |
1M |
| No. of Concurrent Connections monitored |
1M |
1M |
| No. of concurrent three-way handshakes monitored |
2M |
2M |
| No. of ports monitored |
64Kx4 |
64Kx8 |
| Layer 7 Floods – HTTP URLs tracked |
8,192/VID x 4 VIDs |
8,192/VID x 8 VIDs |
| Layer 7 Floods- Cookie Flood, User-agent flood, Hostname Flood, Referer Flood |
64 hashes/VID for each of the items x 4 VIDs |
64 hashes/VID for each of the items x 8 VIDs |
