C
3
H A P T E R
The IPS Sensor_Name node
Sensor_Name
The
network. Each
actions available at the
Sensor.
Note that a senor name can appear twice on your Resource Tree. For example, if you
have added a Sensor to perform IPS on your network and have named it as "Sensor_X",
then once configured, "Sensor_X" is listed under Device List as well as IPS Settings. You
can manage the physical settings such as software upgrade, reboot for "Sensor_X" using
Device List > Sensor_Name
"Sensor_X" using
IPS Sensor settings
IPS Sensor
The
•
Manage policies
•
Manage alert filters
•
Manage HTTP response scanning
•
View DoS detection status
Figure 168: IPS Sensor Tab
Policies at Sensor_Name level
In Network Security Platform, IPS policies are enforced at the interface and sub-interface
nodes, not at the
thus multi-interface, this allows multiple policies to be enforced within a single Sensor
rather than a single catch-all policy. Compared to today's IDS products, this is like having
several Sensors in one box.
Although IPS policies are not customizable at the
enforcement is. Reconnaissance attacks, such as port scans and host sweeps, are
customized at the
across a network and are not easily detected in the traffic monitored by a single interface.
By enforcing the reconnaissance detection at this level, a broader view of network activity
can be achieved.
For more information, see Managing policy across an entire sensor (on page 157).
IPS Settings
nodes under
represent IPS-aware Sensors installed in your
Sensor_Name
node is a uniquely named (by you) instance of a Sensor. All
Sensor_Name
resource level customize the settings for a specific
node. Likewise, you can manage the IPS related configurations for
IPS Settings > Sensor_Name
node.
tab facilitate the following actions on the configured Sensor:
Sensor_Name
node. Since Network Security Sensors are multi-port and
Sensor_Name
node because these types of attacks are often spread out
156
Sensor_Name
level, reconnaissance attack