Huawei NIP2000/5000 Intrusion Prevention System 

The Huawei NIP series Intrusion Prevention System (IPS) is designed for large- and medium-scale enterprises, industries, and carriers to defend against network threats and ensure proper running of services. With a modularized engine design and various advanced detection technologies, the NIP provides virtual patches, web application protection, client application protection, anti-malware, antivirus, anti-DDoS, and application sensing and control on IPv4 and IPv6 networks. The NIP helps implement service continuity, data security, and compliance with laws and regulations.

With its carrier-class design, the Huawei NIP system supports various special protocols, such as Multiprotocol Label Switching (MPLS) and Virtual Local Area Network (VLAN), and can be deployed in various environments. With default configurations, the NIP can automatically block various types of service threats, which significantly simplifies deployment and effectively decreases the total cost of ownership (TCO).

Farsighted Overall Prevention

The NIP uses various advanced detection technologies to effectively defend against various types of known and hidden threats. The technologies are as follows:
Intelligent protocol identification technology, which is used to identify different applications and protocols. This technology frees you from manually setting the protocol port.
Vulnerability- and attack signature-based detection technologies, which are used to detect and defend against known attacks, such as vulnerability-based attacks, worms, and Trojan horses.
Protocol anomaly detection, traffic anomaly detection, and heuristic detection technologies, which are used to effectively detect hidden vulnerabilities and malware attacks.
Virtual patches: The NIP uses multiple types of intrusion detection technologies. The most important is vulnerability-based detection technology, which can effectively protect against vulnerability-based threats, such as overflow attacks and worm infections. Compared with traditional attack signature-based detection technology, this technology does not generate false positive reports and can stop attacks that use evasion techniques.

Advantages

Overall defense against new threats
● Defends against new malware, zero-day attacks, and botnets.
● Defends against application-layer DDoS attacks, such as DNS, HTTP, and SIP attacks.
● More than 300 security researchers globally collect threats and update signatures in real time.

Accurate detection and automatic prevention of service threats
● Uses vulnerability-based detection technology to provide accurate detection.
● Avoids threshold configuration mistakes through automatic baseline learning.
● Automatically blocks key service threats with no manual intervention.

Easy to use and low TCO
● Can be deployed online with default configurations.
● Provides centralized security management and real-time security monitoring.
● Provides visualized application traffic.

High availability
● Provides carrier-class hardware design and supports temperature monitoring and hot swap of components, such as the fan and power supply.
● Supports active-active and active-standby HA deployments.
● Supports hardware bypass.

Product Appearance

NIP2000/5000 Series Intrusion Prevention System

Product Functions

With more than 300 advanced researchers and global data and attack collection capabilities, the Huawei security research team provides the newest security reports and releases new vulnerability signatures periodically (every week) or in emergency mode (when a key security vulnerability is detected). These signatures are then delivered to the IPS devices through the cloud security center so that the IPS devices can defend against zero-time-difference attacks as soon as the vulnerabilities are released.

Client protection

In the Web 2.0 era, more attacks target browsers and widely used PDF, SWF, JPEG, and Office documents. A large number of PCs with weak client protection are controlled by hackers as zombies, and key information (such as bank accounts and network passwords) on these PCs is stolen.
The NIP provides in-depth parsing based on protocols and file formats. It can detect encoded or compressed files, such as GZIP and UTF files. During parsing, the NIP automatically skips content that is irrelevant to threats. In doing so, the NIP provides overall browser and file vulnerability defense and outstanding online detection performance.

Malware control

The NIP defends against malware, such as Trojan horse backdoors, adware, and malicious programs. The NIP blocks the communications and transmission traffic of malware based on the signatures of that traffic and prevents the malware from spreading. In doing so, the NIP helps decrease IT costs and prevents potential personal data intrusion and confidential data leaks.

Web application protection

Enterprises and organizations migrate applications to the web service platform. However, these enterprises and organizations are greatly affected by web server-targeted intrusion attacks and malicious behaviors, such as SQL injection-based web page tampering, administrator password theft, and overall website data destruction.

Application sensing and control

The NIP can identify more than 1200 network applications and monitor and manage online behaviors, such as Instant Messaging (IM), gaming, video, and stock trading. It helps enterprises identify and limit unauthorized online behaviors and implement security policies to ensure the working efficiency of employees.
The NIP applies a refined bandwidth distribution policy to limit the bandwidth used by malicious applications, such as P2P, online video, and large file download, and ensures enough bandwidth for office applications, such as Office Automation (OA) and Enterprise Resource Planning (ERP).

Infrastructure protection

The NIP has powerful anti-DDoS and traffic model self-learning capabilities. When DoS attacks are detected or network traffic surges because of a large-scale virus outbreak in a short period, the NIP can automatically detect and block the attacks and abnormal traffic to defend infrastructure, such as routers, switches, VoIP systems, DNS, and web servers, against various types of DoS attacks and ensure the continuity of key services.

Easy to Deploy

The NIP is delivered with a mature security policy and can provide security protection without any configuration. This default security policy uses advanced engine technology and high-quality vulnerability-based signatures and provides accurate threat detection. With this policy, the NIP can automatically block the medium and advanced threats that may compromise services.
The NIP can be deployed off-line or online in transparent mode. Interfaces on one device can work online or off-line. Network and security administrators can flexibly select working modes of the device as required without adjusting the network.
The NIP also detects data encapsulated on special networks, such as networks using MPLS, VLAN trunk, or Generic Routing Encapsulation (GRE), and can be flexibly deployed in various places.

High Availability

To deploy the IPS online, high availability is required. Huawei NIP provides the highest-level availability. The NIP supports high availability configurations (configurations of active-standby mode and active-active mode), hot swap of the redundancy power supply and fan, and e-disk solutions. The NIP also provides software and hardware bypass functions (enabled when the software or hardware is faulty), which can bypass a functional module when anomalies occur in this module and bypass the IPS device when the IPS device is faulty.

Centralized Management and Report

The NIP provides not only web management of the device but also centralized management through the NIP Manager, through which centralized operations, such as monitoring, upgrade, and policy delivery, can be performed on multiple devices.
The NIP provides customers with multiple predefined policies to meet the requirement of policy customization.
The NIP Manager has rich log statistics and report functions, which enable it to globally display real-time network status, historical information, Top N detected attacks, and traffic trends at multiple granularities and dimensions. With these statistics, users can check the health status of the network at any time and use them as guidance to secure the network and carry out IT operations.

Networking and Applications


Internet Access Point

Limits undesired P2P and video traffic and ensures the bandwidth for proper services.
Blocks IM, online gaming, and stock exchange applications to avoid network abuse.
Blocks online storage, Web mail, and IM applications to avoid disclosure of internal documents or confidential information.
Protects internal hosts and browsers against threats to avoid data loss, data damage, or turning the hosts into zombies.

Off-line Monitor (IDS Mode)

Meets the requirement of policy compliance.
Meets mandatory government standards for classified protection of information systems and secret-involved networks.
Helps to maintain the network by providing key information for intrusion detection or faults caused by other anomalies.
Helps enterprises to pass standard authentications, which are necessary for company listing or investment promotion.

In Front of a Server

Prevents worms and exploits targeting service and platform vulnerabilities to avoid possible damage, tampering, data loss, or turning the servers into zombies.
Prevents server faults caused by DoS or DDoS attacks.
Prevents emerging attacks targeting Web applications, such as SQL injection, cross-site scripting, scanning, password guessing, and sniffing.
Provides IDC value-added services.

WAN Border

Implements network logical isolation.
Prevents the spread of worms and Trojan horses from external networks.
Monitors violations on internal networks.
Detects and prevents malicious behaviors, such as sniffing and reconnaissance, from external networks.

Product Specifications

Model: NIP2050, NIP2100, NIP2130, NIP2150, NIP2200, NIP5100, NIP5200, NIP5500

Extension and I/O
Dedicated management interface: 1 x GE (RJ45) on every model
Fixed interface: 4 x GE (RJ45) + 4 x GE (combo) on every model; the NIP5500 additionally provides 2 x 10GE (SFP)

Feature

Server protection
Provides all-round protection for application servers and defends against system vulnerability attacks, service vulnerability attacks, brute force, SQL injection, cross-site scripting, and viruses.

Client protection
● Protects browsers and plug-ins, such as Java and ActiveX.
● Protects files such as Word, PDF, Flash, and AVI.
● Detects and defends against system vulnerabilities, spyware, adware and viruses.

Infrastructure protection
● Defends against malformed packet attacks, special packet control attacks, scanning attacks, and TCP/UDP flood attacks.
● Defends against application-layer DDoS attacks, such as the HTTP, HTTPS, DNS, and SIP flood attacks.
● Traffic self-learning: sets the threshold for traffic-type attacks based on statistics on normal traffic.

Network application control
Identifies and controls more than 1200 application protocols, including P2P, IM, online game, stock, voice, online video, stream media, web mail, mobile terminal, and remote login applications.

Alarm and Response
Provides real-time alarming, audible alarms, syslogs, SNMP traps, emails, SMS messages, interworking with the third-party device, IP address isolation, attack packet capture, and real-time session blocking.

Device management
● Provides GUI, hierarchical management over administrators, access control permission setting, and centralized management over devices.
● Supports the rollback and periodic update of the engine knowledge database, and centralized update on the intranet.

Log report monitor
Provides device status monitoring, event information backup, log query and filtering, real-time network status monitoring, and report customization.

Deployment and availability
● The IPS device is deployed in in-line mode and the IDS device is deployed in off-line mode. Interfaces are deployed in online and off-line modes.
● Supports hardware bypass cards and hot standby deployment.

Specifications of Integrated Devices
Dimensions (H x W x D) (mm): 43.6 x 442 x 560; 43.6 x 442 x 560; 43.6 x 442 x 560; 130.5 x 442 x 415

Power supply
● AC: 100 V to 240 V, 50/60 Hz. Power supply redundancy is supported.
● AC: 100 V to 240 V, 50/60 Hz; DC: –48 V to –60 V. Power supply redundancy is supported.

Maximum power: 150 W; 300 W

Operating environment
● Temperature: 0°C to 40°C
● Relative humidity: 5% to 95%, non-condensing

MTBF: 12.67 years

Ordering Information

Model (External) Description
Host Quoted Items
NIP2050-AC-01 NIP2050 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP2100-AC-01 NIP2100 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP2130-AC-01 NIP2130 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP2150-AC-01 NIP2150 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP2200-AC-01 NIP2200 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5100-AC-01 NIP5100 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5200-AC-01 NIP5200 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5200-DC-01 NIP5200 Standard DC Host(4GE(RJ45)+4GE Combo,4G Memory,2 DC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5500-AC-01 NIP5500 Standard AC Host(4GE(RJ45)+4GE Combo+2*10GE Optical Ports,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5500-DC-01 NIP5500 Standard DC Host(4GE(RJ45)+4GE Combo+2*10GE Optical Ports,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
Host Auxiliary Software
NIP2050 Knowledge Base Update Feature
LIC-IPS-12-NIP2050 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-IPS-36-NIP2050 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
LIC-AV-12-NIP2050 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-AV-36-NIP2050 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
NIP2100 Knowledge Base Update Feature
LIC-IPS-12-NIP2100 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-IPS-36-NIP2100 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
LIC-AV-12-NIP2100 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-AV-36-NIP2100 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
NIP2130 Knowledge Base Update Feature
LIC-IPS-12-NIP2130 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-IPS-36-NIP2130 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
LIC-AV-12-NIP2130 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-AV-36-NIP2130 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
NIP2150 Knowledge Base Update Feature
LIC-IPS-12-NIP2150 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-IPS-36-NIP2150 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
LIC-AV-12-NIP2150 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-AV-36-NIP2150 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
NIP2200 Knowledge Base Update Feature
LIC-IPS-12-NIP2200 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-IPS-36-NIP2200 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
LIC-AV-12-NIP2200 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-AV-36-NIP2200 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
NIP5100 Knowledge Base Update Feature
LIC-IPS-12-NIP5100 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-IPS-36-NIP5100 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
LIC-AV-12-NIP5100 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-AV-36-NIP5100 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
NIP5200 Knowledge Base Update Feature
LIC-IPS-12-NIP5200 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-IPS-36-NIP5200 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
LIC-AV-12-NIP5200 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-AV-36-NIP5200 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
NIP5500 Knowledge Base Update Feature
LIC-IPS-12-NIP5500 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-IPS-36-NIP5500 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
LIC-AV-12-NIP5500 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
LIC-AV-36-NIP5500 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
Service Board/Bypass Card
FIC-4GE-BYPASS 4GE Electric Ports Bypass Card,with HW General Security Platform Software
FIC-8GE 8GE Electric Ports Interface Card,with HW General Security Platform Software
FIC-8SFP 8GE Optical Ports FIC Interface Card,with HW General Security Platform Software
FIC-2LINE-M-BYPASS 2 Link LC/UPC Multimode Optical Interface Bypass Protect Card,with HW General Security Platform Software
FIC-2LINE-S-BYPASS 2 Link LC/UPC Singlemode Optical Interface Bypass Protect Card,with HW General Security Platform Software
FIC-2SFP+ 2*10GE Optical Ports FIC Interface Card,with HW General Security Platform Software
FIC-2SFP+&8GE 2*10GE Optical Ports+8GE Electric Ports Interface Card,with HW General Security Platform Software