Table of Contents
Advertisement
232
Managing intrusion prevention
How intrusion prevention works
How intrusion prevention works
Managing intrusion prevention (continued)
Table 16-1
Task
Create exceptions to ignore browser
signatures on client computers
Intrusion prevention is part of Network Threat Protection.
Intrusion prevention automatically detects and blocks network attacks and attacks
on browsers. Intrusion prevention is the second layer of defense after the firewall
to protect client computers. Intrusion prevention is sometimes called the intrusion
prevention system (IPS).
See
Managing intrusion prevention on your client computers"
Intrusion prevention intercepts data at the network layer. It uses signatures to
scan packets or streams of packets. It scans each packet individually by looking
for the patterns that correspond to network or browser attacks. Intrusion
prevention uses signatures to detect attacks on operating system components
and the application layer.
Intrusion prevention provides two types of protection.
Network intrusion prevention
Browser intrusion prevention
Description
You can create exceptions to exclude browser
signatures from browser intrusion prevention.
You might want to ignore browser signatures if
browser intrusion prevention causes problems
with browsers in your network.
See
Creating exceptions for IPS signatures"
on page 234.
Network intrusion prevention uses signatures to
identify attacks on client computers. For known
attacks, intrusion prevention automatically discards
the packets that match the signatures.
Browser intrusion prevention monitors attacks on
Internet Explorer and Firefox. Browser intrusion
prevention is not supported on any other browsers.
This type of intrusion prevention uses attack
signatures as well as heuristics to identify attacks on
browsers.
For some browser attacks, intrusion prevention
requires that the client terminate the browser. A
notification appears on the client computer.
on page 229.
Advertisement
Table of Contents
Troubleshooting
