Intrusion Prevention
Intrusion Prevention
Enhance Security

Today more than ever organizations rely on their network resources, services and Internet connectivity in order to function in the modern world. The Internet is an amazing resource but it is also a very dangerous place. Protecting your organization's assets while maintaining an Internet presence can be a formidable task. A firewall is one of the main components for the protection, control and security of an organization's private network, however additional security methods can create a more robust defense.

Security In Depth
A Layered Approach

A security "in depth" approach provides a strategy to enhance network security through a layered approach. Network security defense in depth is the organized use of diverse security methods to protect the assets in a network. The design is based on the principle that it is more difficult for an adversary to thwart a multi-layered network defense system than to penetrate a single system.

GTA's IPS facility is an additional component in this layered approach.

Intrusion Prevention Systems
Explained

Intrusion prevention systems (IPS) are systems that monitor network traffic for malicious activity and attempt to stop it. The IPS system module operates in-line and attempts to identify hostile activity, log information about the activity, block it and report on it.

The IPS performs protocol analysis, content searching and matching. The IPS can detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, buffer overflows, probes, and stealth port scans.

A Part of Threat Management
GTA's IPS Feature

GTA's Intrusion Prevention System (IPS) uses robust signature-based policy definitions to recognize attacks and protect against network anomalies. IPS carefully analyzes traffic and automatically blocks attacks before they can reach the network. Administrators are notified of intrusions and intrusion attempts using either log messages or email alerts.

The IPS facility is available as a standard part of GB-OS. It comes with a standard set of policies that are designed to help create a powerful, customized IPS configuration. GTA Firewalls that have a current GTA support contract will receive automatically updated IPS policies. Administrators can incorporate these updated policies into their IPS configuration as new security threats are identified.

The IPS Setup Wizard provides a quick and easy way to get the IPS facility up and running. The IPS Setup Wizard provides groups of predefined IPS policy that an administer can enable then later fine tune individual polices as needed.

IPS Setup Wizard Policy Groups

Adware/Spyware
Technologies deployed without appropriate user consent and/or implemented in ways that impair user control
Databases
Attacks on Microsoft SQL Server, MySQL, Oracle
IM Clients
Exploits AOL, ICQ, IRC, MSN, and Yahoo Instant Messengers
P2P
BitTorrent, eDonkey, GNUTella, Kazaa, Napster, etc.
VoIP
VoIP Services
Web Server
Apache and IIS Web Servers exploits
Trojans
Trojans appear safe but contain malicious or harmful code