Setting IPS Rules and Actions
After pattern matching recognizes an intrusion in traffic
subject to an IPS Rule one from actions associated with that
Rule is taken.
• Protect
− Drops the connections and the logs event
− D-Link ZoneDefense mechanism might be triggered
− Dynamic Black Listing can block connections for particular time duration
and/or block vulnerable service.
and/or block vulnerable service.
• Pipe
− Configure traffic shaping for hosts that trigger an action. Specify
bandwidth and optionally apply it to network or host
• Audit
− Allow the connection to stay open but log the event
• Ignore
− Do nothing if an intrusion is detected and allow the connection to stay
open
Kommentare zu diesen Handbüchern