Logo of NSFOCUS
English Version Chinese Version Japanese Version
Products
NSFOCUS WAF
NSFOCUS ADS
NSFOCUS NTA
NSFOCUS NIPS
NSFOCUS RSAS
NSFOCUS WebSafe
Solutions
SP MAN Core Network
SP Netbar and Dedicated Internet Access
MAN IDC
NSFOCUS ANTI-DDOS SYSTEM
Overview

Today’s distributed denial of service (DDoS) attacks are more virulent, more destructive, and more focused than ever. They can easily elude and overwhelm most common cyberdefenses. Composed of legitimate-appearing requests, spoofed identities, and more, these highly sophisticated attacks can be virtually impossible to identify and block.  DDoS attacks can paralyze your networks and prevent you from conducting business, costing business billions of dollars in lost revenue every year.

As a global leader in active perimeter security, NSFOCUS has designed an Anti-DDoS System (ADS) appliance that defends data centers, Metropolitan Area Networks (MANs), Internet service providers (ISPs), backbone networks, content delivery providers and enterprises against crippling DDoS attacks. Equipped with a customized operating system and integrating advanced anomaly recognition, source verification, and anti-spoofing technologies, NSFOCUS's ADS protects businesses of all sizes.

 
Features and Benefits
Accurate Attack Prevention

NSFOCUS engineers have developed a series of innovative, advanced algorithms that accurately detect and prevent malicious DDoS attacks. These integrated filtering modules include:

  • Anti-Spoofing
  • Protocol Analysis
  • Customized Application Analysis
  • User Behavior Analysis
  • Dynamic Fingerprinting
  • Rate Limiting

Working together, they deliver a solid defense by applying probability statistics against both known and unknown DDoS attacks. In addition to traditional anti-DDoS methods used by firewalls, IPS systems, etc, NSFOCUS's ADS appliance utilizes efficient algorithms of attack detection and identification to deal with massive DDoS attacks. The NSFOCUS ADS does more than merely stop attacks; it also applies cleaning techniques to ensure that only valid traffic gets through, and that your network remains operational.


Advanced System Architecture

NSFOCUS’ specially-designed ADS operating system reduces memory overhead, ensuring consistent, efficient operation; its modularized control system guarantees operation availability, under even the most extreme attack scenarios.

For customers who need greater throughput requirements, NSFOCUS’ high-end ADS appliances utilize Tilera’s® TILE64Pro™ multi-core architecture, dramatically boosting prevention capability up to 10 Gbps without compromising performance.


Multi-level DDoS Prevention Mechanism

NSFOCUS’s ADS appliance is an integrated system ready to detect and mitigate increasingly sophisticated, complex, and deceptive DDoS attacks, including SYN Flood, UDP Flood, ICMP Flood in the network layer, as well as HTTP Get Flood, and DNS attacks in the application layer.


Flexible Scalability

The full line of NSFOCUS’s ADS appliances features an advanced cluster architecture, with processing scalability, allowing you to easily expand your system capacity as needed. Both in-line and traffic diversion modes are flexible and easy to deploy in a cluster when additional processing capacity is required. The traffic diversion deployment mode enables DDoS traffic attack prevention capability from a single unit of up to 100 Gbps, scaling to more than 200+ Gbps in clustered mode.


Intuitive and Centralized Management

NSFOCUS’s ADS appliances feature an intuitive, web-based GUI that makes it easier for you to manage the policy definition, operational monitoring, and report generation processes. Multiple monitoring and reporting levels provide your network operators and security administrators with a wide range of detailed real-time and historical information, as well as valuable information for security experts to review and tune your ADS security policies.

 
Application Scenario
Solution for MANs, ISPs and Data Centers

Integrated with the NSFOCUS NTA (Network Traffic Analyst) and NSFOCUS ADS-M (Management Console), the NSFOCUS ADS system offers an anti-DDoS solution that automatically analyzes and cleans anomaly traffic and provides unique policy application, reporting and self-service capability for end users.

When your network is attacked, traffic is diverted away from the main path and filtered by an ADS deployed at your egress point. After it’s filtered, the cleaned traffic is streamed back to your network. The out-of-path mode ensures network security, maximizing your corporate uptime.


 
Specifications
Functional Specification Description
Security Attack Prevention -TCP (syns, sync-acks, acks, fins, fragments)
- UDP (random port floods, fragments)
- ICMP (unreachable, echo, fragments)
- DNS attacks
- HTTP Get Flood
- Inactive and total connections - Resource exhaustion
Packet Filtering Provides policies based on header information (source IP address, destination IP address, source port, destination port, protocol type, service type, and logic index of input interface) and payload matches.
Provides ACLs based on source IP address, destination IP address, source port, destination port, and protocol type.
Customized User Group Create specialized anti-DDoS policies to protect different categories of businesses
Traffic Monitoring Real-time attack event statistics
Real-time traffic monitoring
Forensics Forensic analysis
Performance Prevention Capability ADS4000: 4Gbps; ADS6000: 10Gbps; Cluster mode: tens of Gbps
Protocol Routing Protocol RIP, OSPF, BGP, MPBGP, IS-IS, LDP
Network Layer Protocol Supports MPLS re-injection, MPLS VPN, and GRE re-injection
Data Lcink Layer Protocol Supports 802.1Q
Deployment Deployment Method In-line, traffic diversion, cluster deployment
Configuration & Mgt. Terminal Service HTTPS, CLI, SSH, SYSLOG, SNMP
System Management Supports import and export of configuration files
Supports multistage and multi-privilege management
Supports license management
Log Log Management Provides system logs and attack logs
Log Service Supports SYSLOG server and automatic log sending through Emails

Physical Specification

ADS 4000 Series

ADS 6000 Series

Interface

1* mgt. interface, 4*1000M copper port, 8*1000M SFP interface, 10G interface  optional (4 interfaces at most)

1* RJ232,  2*10GE SFP+ interface (10GE LAN), 2* GE copper port, 2* 1000M SFP interface

Height

2U

2U

Device Management

HTTPS, CLI, SSH, SNMP, SYSLOG

HTTPS, CLI, SSH, SNMP, SYSLOG

Power

AC, DC, redundant

AC, DC, redundant

Mean Time Between Failures (MTBF)

60,000 hours

87,600 hours

Operating Temperature

0-45℃

0-45℃

 

Pre-Sale Consultation
Contact NSFOCUS sales:
international-business@nsfocus.com
  ©2010