User guide
Configuring Connection Events
Proventia Network IPS G and GX Appliance User Guide
Introduction
Connection events are user-defined notifications of open connections to or from particular
addresses or ports. They are generated when the appliance detects network activity at a
designated port, regardless of the type of activity, or the content of network packets
exchanged.
The Connection Events page lists pre-defined connection events for different connection
types, such as WWW, FTP, or IRC. Use this page to customize these events or to create
your own events to cover the traffic you need to monitor.
For example, you can define a signature that causes a connection event to alert the console
whenever someone connects to the network using FTP.
Note: The connections are always registered against the destination port you specify, so to
monitor an FTP connection, you must use the FTP port. One entry per connection is
sufficient for traffic in each direction.
How connection events work
Connection events occur when network traffic connects to the monitored network
through a particular port, from a particular address, with a certain network protocol. The
appliance detects these connections using packet header values. Connection events do not
necessarily constitute an attack or other suspicious activity, but they are network
occurrences that might interest a Security Administrator.
Note: Connection events do not monitor the network for any particular attack signatures.
You use security events to monitor for these types of attacks. See “Configuring Security
Events” on page 80 for more information.
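The header-only matching described above can be sketched as follows. This is an added example, not the appliance's own code: the ConnectionEvent fields, the event names, the sample addresses, and the choice of a TCP SYN without ACK as the "connection open" trigger are all assumptions made for illustration.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass
class ConnectionEvent:                    # hypothetical rule shape, not the appliance's schema
    name: str
    protocol: int                         # IP protocol number (6 = TCP)
    dest_port: int
    source_addr: Optional[str] = None     # None matches any source address
    enabled: bool = True

def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Construct a minimal IPv4+TCP packet (sample data; checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_headers(packet):
    """Return (protocol, src, dport, flags) read from header bytes only."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, src = packet[9], socket.inet_ntoa(packet[12:16])
    if proto != 6 or len(packet) < ihl + 14:
        return proto, src, None, 0        # not TCP, or TCP header cut short
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, src, dport, packet[ihl + 13]

def match_events(packet, events):
    """Names of enabled events fired by a connection-opening packet."""
    proto, src, dport, flags = parse_headers(packet)
    if (flags & 0x12) != 0x02:            # assumed trigger: SYN set, ACK clear
        return []
    return [e.name for e in events
            if e.enabled and e.protocol == proto and e.dest_port == dport
            and e.source_addr in (None, src)]

# Constructed sample rules: FTP enabled, IRC kept in the list but disabled.
EVENTS = [ConnectionEvent("FTP_Connect", 6, 21),
          ConnectionEvent("IRC_Connect", 6, 6667, enabled=False)]
```

The payload argument never reaches the matcher, so two packets with the same headers and different content produce the same result, and a disabled event stays defined without firing.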
About removing connection events
You can remove any connection event from the list. However, if you edited a pre-defined
connection event and now decide you want to remove it, be aware that the event is not
returned to its pre-defined state. The event is removed from the list entirely. If you want to
use this event again in the future, it will no longer be available.
Consider disabling the event and keeping it in the list. This way, if you want to use it
again at another time, the event is still available to you in some form.
Adding connection events
To add connection events:
Note: The settings in this procedure correspond to the columns that appear on the
Connection Events page.
1. On the Connection Events page, click Add.
2. Complete the settings as indicated in the following table.
Setting       Description
Enabled       The event is enabled by default. If necessary, clear the check box to
              disable the event.
Event Name    Type a unique descriptive name for the event.
              If you are editing a pre-defined event, the name appears here as
              read-only.