ICR-1601
177
4.2.4
IPS
To provide application servers in the Internet, administrator may need to open specific ports for the
services. However, there are some risks to always open service ports in the Internet. In order to avoid such
attack risks, it is important to enable IPS functions.
Intrusion Prevention System (IPS) is network security appliances that monitor network and/or system
activities for malicious activity. The main functions of IPS are to identify malicious activity, log information
about this activity, attempt to block/stop it and report it. You can enable the IPS function and check the
listed intrusion activities when needed. You can also enable the log alerting so that system will record
Intrusion events when corresponding intrusions are detected.
IPS Scenario
As shown in the diagram, the gateway
serves as an E-mail server, Web Server and
also provides TCP port 8080 for remote
administration. So, remote users or
unknown users can request those services
from Internet. With IPS enabled, the
gateway can detect incoming attack
packets, including the TCP ports (25, 80,
110, 443 and 8080) with services. It will
block the attack packets and let the
normal access to pass through the
gateway.