User manual

- BaseWall VPN 6000 user manual -
5 Wizard: IDS/IPS management
The IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are
two components of vital importance to the security of your BaseWall VPN 6000.
Both are enabled by default. The IDS constantly monitors network traffic to
and from your firewall, looking for suspicious network traffic that could be
indicative of an (impending) attack. Whenever such suspicious traffic is
detected, the IDS signals the IPS to place the offending Internet host on its
“blacklist”. Hosts on the blacklist are denied access to your firewall and your
internal network. Thus any attacks detected by the IDS are effectively and
almost instantly dealt with. No user intervention is required for this protective
feature.
However, a possibility exists that you so often suffer from attacks or
misbehaviour from certain hosts on the Internet that you wish to permanently
award them a place on your “blacklist” (denying them access to your firewall
and internal network). This can be done through the IDS/IPS management
wizard.
There is also the theoretical possibility of a host displaying suspicious
behaviour which should nevertheless not be blacklisted. External security
audits generally qualify as “suspicious” behaviour (from the IDS's point of view)
since they often probe for known vulnerabilities. In spite of this you may not want
to blacklist your IT contact. Whenever a specific host is “allowed” to generate
suspicious traffic without the normal repercussion of being awarded a place on
the “blacklist”, we place this host on a “whitelist”. Hosts on the “whitelist” are
never placed on the “blacklist”, no matter what they do.
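The interaction between the two lists described above (IDS alert leads to automatic blacklisting, permanent blacklist entries for hosts or whole networks, and a whitelist that always takes precedence) can be illustrated with a small model. The following is an added example, not BaseWall firmware or any code from this manual; the class name, the alert feed and the addresses (taken from the RFC 5737 documentation ranges) are all constructed for illustration.

```python
import ipaddress


class IPSLists:
    """Illustrative model of the IDS -> IPS flow: a permanent blacklist and
    whitelist of hosts or networks (CIDR), plus entries the IPS adds by itself
    when the IDS signals an alert. Whitelisted hosts are never blacklisted.
    This is a constructed example, not the appliance's implementation."""

    def __init__(self):
        self.whitelist = []     # permanently "allowed" hosts/networks
        self.blacklist = []     # permanently "denied" hosts/networks
        self.auto_blocked = []  # hosts added automatically on IDS signal

    @staticmethod
    def _net(entry):
        # "192.0.2.9" becomes the single-host network 192.0.2.9/32;
        # "192.0.2.0/24" stays a network, so whole ranges can be listed.
        return ipaddress.ip_network(entry, strict=False)

    def add_whitelist(self, entry):
        self.whitelist.append(self._net(entry))

    def add_blacklist(self, entry):
        self.blacklist.append(self._net(entry))

    def is_whitelisted(self, host):
        addr = ipaddress.ip_address(host)
        return any(addr in net for net in self.whitelist)

    def is_blocked(self, host):
        # The whitelist wins: a host on both lists is still admitted.
        if self.is_whitelisted(host):
            return False
        addr = ipaddress.ip_address(host)
        return any(addr in net for net in self.blacklist + self.auto_blocked)

    def on_ids_alert(self, host, reason):
        """Called when the IDS flags suspicious traffic from `host`."""
        if self.is_whitelisted(host):
            return "allowed (whitelisted): %s from %s" % (reason, host)
        net = self._net(host)
        if net not in self.auto_blocked:
            self.auto_blocked.append(net)
        return "blacklisted: %s from %s" % (reason, host)


# Constructed sample data (RFC 5737 documentation addresses, not real hosts).
PERMANENT_BLACKLIST = ["192.0.2.0/24"]   # a network that keeps misbehaving
WHITELIST = ["198.51.100.20"]            # the external security auditor
IDS_ALERTS = [                           # constructed IDS alert feed
    ("203.0.113.7", "port scan"),
    ("198.51.100.20", "probe for known vulnerability"),
    ("203.0.113.7", "repeated failed logins"),
]


def run_demo():
    """Load the lists, replay the alert feed, and return the resulting verdicts."""
    ips = IPSLists()
    for entry in PERMANENT_BLACKLIST:
        ips.add_blacklist(entry)
    for entry in WHITELIST:
        ips.add_whitelist(entry)
    log = [ips.on_ids_alert(host, reason) for host, reason in IDS_ALERTS]
    probes = ("203.0.113.7", "198.51.100.20", "192.0.2.9", "203.0.113.8")
    verdicts = {host: ips.is_blocked(host) for host in probes}
    return ips, log, verdicts


if __name__ == "__main__":
    _, log, verdicts = run_demo()
    for line in log:
        print(line)
    for host, blocked in verdicts.items():
        print(host, "denied" if blocked else "admitted")
```

Note that the auditor at 198.51.100.20 generates an alert but is never added to `auto_blocked`, and that 192.0.2.9 is denied purely because its network is on the permanent blacklist, even though the IDS never saw traffic from it.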
5.1 Manage the Intrusion Prevention System
To manage your firewall's IPS:
Click on the “IDS/IPS management” text under “Setup subsystems” on the
left-hand side of the screen in the “Configuration” context.
The “Manage the Intrusion Prevention System” screen should appear.
This screen can be used to add hosts (or networks) to the blacklist or whitelist
and to remove hosts (or networks) from these lists.
Page 42 / 79