Data Sheet | McAfee Network Protection Solutions

McAfee IntruShield 1200, 1400, and 2700 Network IPS Appliances

Award-winning, next-generation intrusion prevention solution delivering best-in-class proactive
prevention of zero-day and DoS attacks, spyware, malware, botnets, and VoIP threats

No business is immune to security threats, no matter and critical network infrastructure from known, zero-
day, and DoS attacks, as well as threats like spyware, VoIP
how large or small. The risks to small and medium-
vulnerabilities, botnets, malware, network worms, Trojans,
sized businesses (SMBs) and other organizations and peer-to-peer applications.
continue to grow as the rising number of new
IntruShield’s unparalleled technology preemptively
vulnerabilities and the speed and sophistication of blocks attacks before they reach their intended targets,
attacks that exploit those vulnerabilities pose an while providing absolute accuracy and mission-critical
ever-increasing threat to your business. The rise and performance for all network environments. Its integrated
protection and easy-to-manage platform delivers broad
evolution of new hybrid attacks that use multiple
asset protection, maximized business availability, reduced
techniques to attack your network infrastructure liability, and security-cost avoidance. And IntruShield’s
means that enterprises of all sizes must constantly powerful policy enforcement, advanced forensics, and
defend themselves against these shifting threats. comprehensive reporting capabilities help small and large
businesses comply with audit and regulatory requirements.
Traditional, reactive security technology alone cannot ensure
network availability, integrity, and data confidentiality. Due IntruShield is the industry’s first risk-aware intrusion
to the inadequate ability of traditional technology to provide prevention solution, enabling SMBs to deploy prioritized
proactive threat detection and prevention, businesses remain risk management through intelligent, highly targeted threat
vulnerable to sophisticated and highly targeted zero-day and prevention. By integrating with market-leading McAfee
Denial of Service (DoS) attacks, as well as spyware, malware, Foundstone® vulnerability management (VM) solutions—as
and Voice over IP (VoIP) threats. Small businesses need to well as open-source vulnerability assessment (VA) systems
defend their critical network infrastructure by deploying such as Nessus—IntruShield reduces business risk,
advanced, proactive protection against vulnerability-based increases operational efficiencies, and maximizes security
threats and attacks. Furthermore, companies of every size by providing the ability to identify and block the most
are under intense regulatory and audit pressure to ensure the relevant threats and attacks targeting your network.
privacy of confidential data and decrease business risk. IntruShield’s built-in VoIP protection, spyware prevention,
For comprehensive, proactive network protection against a and advanced Web-client protection maintains business-
broad range of today’s threats and attacks, SMBs and other critical applications, reduces IT costs, and secures
organizations need to deploy next-generation intrusion confidential information by blocking spyware, malware,
prevention. The proven and award-winning McAfee® botnets, and VoIP threats. Its unrivaled ASIC-based
IntruShield® network intrusion prevention system (IPS) architecture, deep packet inspection, and patented shell-
delivers the most comprehensive, accurate, and scalable code detection deliver unequaled zero-day protection.
threat protection. IntruShield helps SMBs assure the The innovative IntruShield architecture is purpose-built
availability and security of critical network infrastructure for long product life cycles, providing continuous next-
through proactive and comprehensive threat prevention. generation security and feature enhancements. This allows
for continuous protection against the latest threats and
The McAfee IntruShield IPS Solution vulnerabilities—including spyware, malware, botnets, SYN
flood, and VoIP threats—while never requiring hardware
The McAfee IntruShield family of award-wining, next-
upgrades. IntruShield’s architecture integrates patented
generation IPS appliances enables SMBs and enterprises
signature, anomaly, DoS, and distributed DoS (DDoS)
to reduce business risk by deploying the industry’s most
analysis techniques, enabling highly accurate threat
comprehensive and proven network IPS solution. Their
detection and prevention that blocks attacks before they
purpose-built platforms proactively protect endpoints

Downloaded from www.Manualslib.com manuals search engine

 Data Sheet | McAfee Network Protection Solutions

inflict damage. IntruShield’s next-generation technology k Unrivaled botnet prevention —Industry’s only network-
delivers unparalleled features, including “out-of-the-box” based security solution to provide comprehensive,
default IPS blocking, pre-configured Recommended for layered, and proactive blocking of malicious distributed
Blocking policies, built-in spyware and VoIP protection, botnets. IntruShield protects against the growing threat
virtual IPS, and an integrated internal firewall. And the of botnets by identifying them as a distinctive category
IntruShield portfolio of appliances is backed by McAfee— of attack and proactively blocking their installation,
the largest dedicated security company and the most communication, and activation through the Internet
trusted name in the industry. k VoIP vulnerability protection —IntruShield’s integrated
VoIP security proactively protects mission-critical VoIP
Features and Benefits infrastructure and applications by accurately detecting
and blocking known, zero-day, and DoS attacks.
Comprehensive protection IntruShield protects against underlying VoIP protocol
k Broad threat prevention —IntruShield’s purpose- vulnerabilities while preserving VoIP application and
built intrusion prevention appliances deliver the voice-quality integrity
most comprehensive threat prevention by proactively k Encrypted attack prevention —Industry’s first and
protecting endpoints and network infrastructure from only network IPS to securely and proactively protect
known, zero-day, and DoS attacks, as well as threats like against both clear-text and encrypted attacks (I-2700).
spyware, VoIP vulnerabilities, malware, botnets, network IntruShield’s advanced, real-time SSL decryption and
worms, Trojans, and peer-to-peer applications inspection technology dramatically increases network
k Built-in anti-spyware protection—Provides enhanced security coverage by protecting critical e-commerce
security by integrating multi-layered protection against infrastructure
spyware, adware, dialers, keyloggers, password crackers, k IPS and internal firewall —Integrated network IPS and
and remote-control programs. IntruShield’s spyware stateful internal firewall capabilities deliver unrivaled
protection helps reduce IT costs, prevents potential privacy internal system protection, network infrastructure
breaches, and protects confidentiality by proactively protection, and enterprise-wide policy enforcement
preventing the download of these unwanted programs
while blocking spyware communication and propagation Accurate protection
k Built-in, advanced Web-client protection —Proactively k Risk-aware intrusion prevention—Risk-aware IPS
protects Web browsers and desktops from cyber- delivers significant operational efficiencies by providing
attacks, spyware, botnets, and other forms of malware. the ability to intelligently identify and block the most
It prevents the download of unwanted programs while relevant alerts and attacks. Integration with market-
protecting against unauthorized network access. leading Foundstone VM solutions automatically identifies
IntruShield’s built-in Web-client protection complements and highlights risks. Enables targeted, prioritized
McAfee Perimeter and System Protection Solutions by risk management by importing and correlating risk
providing an additional layer of network protection assessment information from Foundstone, as well as
open-source VA systems such as Nessus
k Next-generation DoS prevention —The industry’s most
advanced, next-generation DoS-prevention technology k Signature, anomaly, and DoS analysis —IntruShield’s
delivers comprehensive, real-time protection against unmatched architecture integrates a variety of advanced
sophisticated DoS attacks, cyber-attacks, and cyber detection methods—including signature, application,
extortion. Multi-layered threshold, profile-based, and protocol anomaly, shell-code detection algorithms,
and SYN cookie technology—in combination with and next-generation DoS/DDoS prevention—to deliver
IntruShield’s unrivaled virtual IPS capabilities—deliver the most accurate protection available against today’s
highly granular protection against a broad spectrum of threats and attacks
DoS attacks, including DoS, DDoS, and SYN flood attacks
k Unmatched detection accuracy —IntruShield performs
k Infrastructure protection —Provides preemptive, zero- stateful traffic inspection with thorough parsing of over 100
day vulnerability protection against threats and attacks protocols, while leveraging over 3,000 high-quality, multi-
that target mission-critical routers, switches, perimeter token, multi-trigger signatures to provide the most accurate
firewalls, and DNS servers. Provides the only effective detection in the industry. IntruShield’s unmatched
means to protect critical network infrastructure during accuracy allows you to confidently block threats and
windows of vulnerability attacks in real time without affecting legitimate traffic

Downloaded from www.Manualslib.com manuals search engine

 Data Sheet | McAfee Network Protection Solutions

k Backed by McAfee—Proven protection, unmatched k Advanced intrusion forensics—Delivers unique forensic

security knowledge, and continuous proactive security features to analyze key characteristics of known and
research from the world’s largest dedicated security zero-day threats and intrusions. IntruShield’s powerful
company. McAfee, the most trusted name in the industry forensic capabilities provide highly actionable and
accurate information and reporting related to intrusion
Scalable and manageable identification, relevancy, direction, impact, and analysis
k Out-of-the-box default blocking—IntruShield is pre-set k Flexible deployment—Unprecedented flexibility of IPS or
for Default IPS Blocking, and comes pre-configured with a intrusion detection system (IDS) deployment—including
Recommended for Blocking policy that provides accurate in-line, port clustering, high availability, span, and
and proactive blocking for hundreds of attacks straight tap modes—suits any network security architecture.
out of the box. Recommended for Blocking signatures IntruShield’s flexible architecture allows SMBs to
are continuously updated by McAfee to provide automatically migrate from reactive intrusion detection
comprehensive protect ion against new threats to proactive intrusion prevention
k Easy-to-use centralized management—A single
Award-winning ASIC-based architecture
management console delivers simple, centralized,
Web-based management of IntruShield appliances k Purpose-built hardware—IntruShield appliances are
and policies. Plus, a rich set of fourteen ready-to- purpose-built for mission-critical intrusion prevention,
use, pre-defined IPS security polices allow for easy and are engineered using multiple state-of-the-art
customization. IntruShield’s easy-to-use management network processors, co-processors, FPGAs, and general-
reduces complexity, maximizes IT efficiencies, and purpose processors. IntruShield’s award-winning
lowers operational costs. IntruShield Security Manager architecture incorporates dedicated, high-speed
is provided at no cost for management of up to two (2) hardware to achieve unmatched accuracy, performance,
IntruShield appliances and proactive protection

k Integrated user authentication—Integrated user- k Investment protection—Industry’s most advanced

authentication capabilities deliver administrative and architecture, purpose-built for long product life cycles,
user-management efficiencies. Integration provides allows for continuous next-generation security and
system operators and users with comprehensive feature enhancements. Continues to provide advanced
authentication support to external databases, including protection against today’s threats, including spyware,
Radius, LDAP, and TACAS malware, DoS, VoIP vulnerabilities, botnets, and
encrypted attack protection, while never requiring
k Automated real-time threat updates—Innovative,
appliance hardware upgrades
automated process delivers real-time signature
updates without requiring sensor reboots and provides k Integrated network and host IPS—Provides
protection against newly discovered vulnerabilities while breakthrough integration by enabling host (McAfee Host
eliminating manual updates and network downtime Intrusion Prevention Solution) and network (IntruShield)
IPS security-event aggregation and coordination on a
k Always on management with automated disaster
single IntruShield Security Management console
recovery—Delivers uninterrupted, highly available
management capabilities by providing active/standby k High-availability deployment—Complete, stateful
management server technology for the IntruShield failover capabilities deliver high-availability (HA)
Security Management (ISM) system. Automated failover configuration between a pair of primary and failover
and fail-back technology enables disaster recovery of IntruShield appliances. IntruShield’s HA configuration
critical configuration data in the event of failure. Always feature allows transparent Layer 7 stateful failover,
on management ensures the continuity of critical thereby avoiding a single point of failure
network protection and supports corporate disaster
recovery policies

k Unprecedented virtual IPS—IntruShield’s unique and

flexible virtualization capability extends to both IPS
and the internal firewall, supporting up to 100 virtual
IPS sensors per physical device (100 for I-2700, 32 for
I-1400, 16 for I-1200), each virtual IPS with its own highly
customized and granular security policy

Downloaded from www.Manualslib.com manuals search engine

 Data Sheet | McAfee Network Protection Solutions

IntruShield Sensor Specifications

Sensor Hardware Components I-2700 I-1400 I-1200

Network location Perimeter Branch office/perimeter Branch office
Performance throughput Up to 600 Mbps Up to 200 Mbps Up to 100 Mbps
Maximum concurrent connections 250,000 80,000 40,000
Ports
Gigabit Ethernet detection ports 2 — —
Fast Ethernet (FE) detection ports 6 4 2
Dedicated FE response ports 3 1 1
Dedicated FE management port Yes Yes Yes
External fail-open control ports 1 — —
Console and aux ports Yes Yes Yes
Built-in network taps Yes (for FE ports) Yes Yes
Fail-open Yes (for FE ports) Yes Yes
Fail-close Yes Yes Yes
Mode of operation
Span port monitoring Yes Yes Yes
Tap mode Yes (for FE ports) Yes Yes
In-line mode Yes Yes Yes
Port clustering Yes Yes Yes
No. of virtual IPS systems 100 32 16
Traffic monitoring on active-active links Yes Yes Yes
Traffic monitoring on active-passive links Yes Yes Yes
Monitoring of asymmetric traffic routing Yes Yes Yes
High availability
Redundant power Yes (Optional) No No
Device failure detection Yes Yes Yes
Link failure detection Yes Yes Yes
Physical dimensions 2RU Rack-mountable 1RU Rack-mountable 1RU Rack-mountable
17.44 (W) x 3.44 (H) x 23.00 (D) 17.32 (W) x 1.65 (H) x10.5 (D) 17.32 (W) x 1.65 (H) x10.5 (D)
Weight 47 lbs. 17 lbs. 15 lbs.
Power 100–240 VAC (50/60 Hz) Same for all models Same for all models
Power consumption 250w 100w 100w
Temperature 0° to 40° C (Operating) Same for all models Same for all models
-40° to 70° C (Non-operating)
Relative humidity (non-condensing) Operational: 10 percent to 90 percent Same for all models Same for all models
Non-operational: 5 percent to
95 percent
Altitude 0–10,000 feet Same for all models Same for all models
Safety certification UL 1950, CSA-C22.2 No. 950, Same for all models Same for all models
EN-60950, IEC 950, EN 60825, IEC
60825, 21CFR1040 CB license and
report covering all national country
deviations
EMI certification FCC Part 15, Class A (CFR 47) Same for all models Same for all models
(USA) ICES-003 Class A (Canada),
EN55022 Class A (Europe), CISPR22
Class A (Int’l)

Downloaded from www.Manualslib.com manuals search engine

 Data Sheet | McAfee Network Protection Solutions

Sensor Software Components I-2700 I-1400 I-1200

Stateful traffic IP defragmentation and TCP stream reassembly Yes Yes Yes
inspection Detailed protocol analysis Yes Yes Yes
Asymmetric traffic monitoring Yes Yes Yes
Protocol normalization Yes Yes Yes
Advanced evasion protection Yes Yes Yes
Forensic data collection Yes Yes Yes
Protocol tunneling Yes Yes Yes
Protocol discovery Yes Yes Yes
Signature detection User-defined signatures Yes Yes Yes
Real-time signature updates Yes Yes Yes
Anomaly detection Statistical anomaly Yes Yes Yes
Protocol anomaly Yes Yes Yes
Application anomaly Yes Yes Yes
DoS detection Threshold-based detection Yes Yes Yes
Self-learning profile-based detection Yes Yes Yes
Maximum DoS profiles 300 120 100
Intrusion Stop attacks in progress in real time Yes Yes Yes
prevention Drop attack packets/sessions Yes Yes Yes
Reconfigure firewall Yes No No
Initiate TCP reset, ICMP unreachable Yes Yes Yes
Packet logging Yes Yes Yes
Automated and user-initiated prevention Yes Yes Yes
Encrypted attack Stops encrypted attacks in real time Yes No No
protection
Internal firewall Blocks unwanted and nuisance traffic Yes Yes Yes
Granular security policy enforcement Yes Yes Yes
High availability Stateful failover Yes Yes Yes
(for FE ports)
Management Command-line interface (console) Yes Yes Yes
Manager communication Secure channel Same for all models Same for all models

McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, 888.847.8766, www.mcafee.com

McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with
security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2006 McAfee, Inc. All
rights reserved. 1-sps-ins-006-0306

Downloaded from www.Manualslib.com manuals search engine