Tuesday, March 3, 2020

IPS (Intrusion Prevention System) in a USG firewall



IPS analyzes network traffic to detect intrusions (such as buffer overflow attacks, Trojans, worms and botnets) and protects information systems and networks from them, as shown in Figure 1.

Through the IPS function, the firewall monitors or analyzes system events, detects attacks and intrusions at the application layer, and performs actions to terminate attacks in real time. The intrusion prevention capabilities of the firewall are as follows:

· Supports protection measures based on traffic types.

Fine-grained security policies can be defined to apply different levels of protection according to the network environment.

· Supports deep inspection of packets at the application layer.

The firewall has a constantly updated database of application signatures. It performs deep inspection of the packets in the traffic flows of thousands of applications, looking for attacks and intrusions. Based on the security policies configured for specific applications, the firewall takes different actions on the traffic flows of different applications. In this way, the administrator can flexibly implement the intrusion prevention function.

· Supports the detection of attacks that use IP fragments and out-of-order TCP flows.

Certain attacks use IP fragments and out-of-order TCP packets to evade threat detection. To address this problem, the firewall reassembles the IP fragments into complete packets and puts out-of-order TCP packets back in sequence before performing threat detection.

· Supports a database of signatures as well as user-defined signatures.

IPS-capable devices use signatures to identify attack traffic. The capacity of the signature database represents the ability to identify threats at the application level.

The firewall's predefined signature database can identify thousands of application layer attacks. Constant updates to the signature database keep the firewall's application identification and attack defense capabilities up to date. In addition, administrators can define signatures based on traffic information to improve the firewall's intrusion prevention function.
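The reordering step described above (putting out-of-order TCP data back in sequence before threat detection) can be illustrated with a short added example; it is not code from the original post or from any firewall product. The signature IDs, patterns, sample stream and sequence numbers are constructed, and sequence-number wraparound is ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    seq: int          # sequence number of the first payload byte
    payload: bytes

# Hypothetical signature database: one predefined and one user-defined entry.
SIGNATURES = {
    "predefined-1001": b"EXAMPLE-PREDEFINED-PATTERN",
    "user-defined-1": b"X-Test-Marker: blocked",
}

def match(data):
    """Return the IDs of all signatures found in data."""
    return {sid for sid, pattern in SIGNATURES.items() if pattern in data}

def per_packet_match(segments):
    """Naive inspection: every segment is checked alone, in arrival order."""
    hits = set()
    for seg in segments:
        hits |= match(seg.payload)
    return hits

def reassemble(segments, isn):
    """Rebuild the contiguous byte stream that starts at sequence number isn.
    Retransmitted or overlapping bytes that were already accepted are dropped.
    Reassembly stops at the first gap, so data behind a missing segment is
    held back instead of being inspected out of context."""
    stream, next_seq = bytearray(), isn
    for seg in sorted(segments, key=lambda s: s.seq):
        if seg.seq > next_seq:
            break                      # gap: wait for the missing segment
        skip = next_seq - seg.seq      # bytes of this segment already seen
        if skip < len(seg.payload):
            stream += seg.payload[skip:]
            next_seq = seg.seq + len(seg.payload)
    return bytes(stream)

# Constructed sample: one request split into 10-byte segments that arrive
# out of order, with the first segment retransmitted at the end.
ISN = 1000
STREAM = b"GET / HTTP/1.1\r\nX-Test-Marker: blocked\r\n\r\n"
_ordered = [Segment(ISN + i, STREAM[i:i + 10]) for i in range(0, len(STREAM), 10)]
ARRIVAL = [_ordered[i] for i in (2, 0, 3, 1, 4, 0)]

if __name__ == "__main__":
    print("per-packet hits:  ", per_packet_match(ARRIVAL))
    print("reassembled hits: ", match(reassemble(ARRIVAL, ISN)))
```

Per-packet inspection finds nothing because the pattern is spread over several segments, while matching on the reassembled stream reports the user-defined signature.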

