User guide

Chapter 8: Working with Security Events
Configuring Protection Domains
Introduction
Protection domains let you define security policies for different network segments
monitored by a single appliance. Protection domains act like virtual sensors, as though
you had several appliances monitoring the network. You can define protection domains
by ports, VLANs, or IP address ranges.
When to use
You use protection domains when you want to monitor groups of different network
segments from a single appliance using global policies that centralize intrusion
prevention.
Use protection domains as follows:
- to define and apply multiple protection domains to a single appliance
- to apply multiple policies to a single appliance, which lets you tune the responses to
  specific network traffic on one or more networks
Protection domains and security events
The appliance always uses a global security policy. Unless you define protection domains
and edit security event policies to suit each domain, the appliance applies this single
global policy and handles security events in the same manner for all areas of the network.
Once you have configured protection domains, you use them in conjunction with security
policies that handle security events occurring on the network.
You can create specific security policies for specific protection domains, or you can tweak
the global policy for specific domains as you see fit. These policies tell the appliance what
properties signal an event and how to respond if the event occurs.
Note: Certain Flood and Sweep signatures are not supported with user-defined
Protection Domains. These attacks generally affect multiple targets, which are potentially
spread across Protection Domains. You should enable these signatures for the Global
Protection Domain so they are reported correctly.
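The following added example (not from this guide, and not the appliance's own detection logic) illustrates the reasoning in the note above: a sweep whose targets are split across protection domains can stay under a threshold when counted per domain, yet exceed it when counted globally. The domain names, address ranges, threshold and sample events are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed protection domains, defined by IP address range (hypothetical names).
DOMAINS = {
    "dmz": ip_network("10.1.0.0/24"),
    "office": ip_network("10.2.0.0/24"),
}
SWEEP_THRESHOLD = 5  # assumed: distinct targets from one source that count as a sweep

def domain_of(dst):
    """Return the user-defined domain containing dst, or 'global' if none does."""
    addr = ip_address(dst)
    for name, net in DOMAINS.items():
        if addr in net:
            return name
    return "global"

def sweep_sources(events, per_domain):
    """Return the set of sources that reach SWEEP_THRESHOLD distinct targets.

    per_domain=True counts targets separately inside each protection domain;
    per_domain=False counts them once across the whole appliance (global).
    """
    targets = defaultdict(set)
    for src, dst in events:
        scope = domain_of(dst) if per_domain else "global"
        targets[(src, scope)].add(dst)
    return {src for (src, _), dsts in targets.items() if len(dsts) >= SWEEP_THRESHOLD}

# Constructed sample: one source probes 3 hosts in each domain (6 targets total),
# and a second source probes 5 hosts that all sit in one domain.
EVENTS = (
    [("198.51.100.7", f"10.1.0.{i}") for i in range(1, 4)]
    + [("198.51.100.7", f"10.2.0.{i}") for i in range(1, 4)]
    + [("203.0.113.9", f"10.1.0.{i}") for i in range(10, 15)]
)

if __name__ == "__main__":
    print("per-domain:", sorted(sweep_sources(EVENTS, per_domain=True)))
    print("global:    ", sorted(sweep_sources(EVENTS, per_domain=False)))
```

Only the global count reports the source whose targets span both domains, which is why the note recommends enabling these signatures for the Global Protection Domain.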
Adding protection domains
To add or change protection domains:
1. On the Protection Domains page, click Add.
2. Complete or change the settings as indicated in the following table.
Setting                  Description
Enabled                  Select this check box to enable the protection domain.
Protection Domain Name   Type a descriptive name for the domain.
Comment                  Type a unique description for the domain.