Chapter 11: Intrusion Detection and Prevention
184
WatchGuard Firebox System
To detect whether a man-in-the-middle attack is in
progress:
1
Bring up the user interface for the Certificate
Authority.
The browser displays the fingerprint for the CA certificate.
2
Verify the certificate against the one displayed in
Firebox System Manager,
Front Panel
tab, as shown in
the following figure.
Blocking Sites
The Blocked Sites feature of the Firebox helps you prevent
unwanted contact from known or suspected hostile sys-
tems. After you identify an intruder, you can block all
attempted connections from them. You can also configure
logging to record all access attempts from these sources so
you can collect clues as to what services they are attempt-
ing to attack.
A blocked site is an IP address outside the Firebox that is
prevented from connecting to hosts behind the Firebox. If
any packet comes from a host that is blocked, it does not
get past the Firebox.
There are two kinds of blocked sites:
Summary of Contents for Firebox X10E
Page 1: ...WatchGuard Firebox System User Guide WatchGuard Firebox System ...
Page 12: ...xii WatchGuard Firebox System ...
Page 44: ...Chapter 2 Service and Support 22 WatchGuard Firebox System ...
Page 61: ...Cabling the Firebox User Guide 39 ...
Page 68: ...Chapter 3 Getting Started 46 WatchGuard Firebox System ...
Page 78: ...Chapter 4 Firebox Basics 56 WatchGuard Firebox System ...
Page 156: ...Chapter 8 Configuring Filtered Services 134 WatchGuard Firebox System ...
Page 182: ...Chapter 9 Configuring Proxied Services 160 WatchGuard Firebox System ...
Page 220: ...Chapter 11 Intrusion Detection and Prevention 198 WatchGuard Firebox System ...
Page 242: ...Chapter 12 Setting Up Logging and Notification 220 WatchGuard Firebox System ...
Page 256: ...Chapter 13 Reviewing and Working with Log Files 234 WatchGuard Firebox System ...
Page 274: ...Chapter 14 Generating Reports of Network Activity 252 WatchGuard Firebox System ...