Planet Networking & Communication MH-5001 User Manual page 188

Multi-homing UTM security gateway
Step 2 – Setup Logs
DEVICE STATUS > Log Config > Mail Logs
Enter the Mail Server IP Address, the Mail Subject, and the email address that you want to receive the logs from. Select the Log Schedule for emailing the logs to your email server.

Step 3 – View logs
DEVICE STATUS > IPS Logs
Attacks against the WAN port from the public Internet are logged with their details.
Note: the IPS can currently detect attacks only on WAN interfaces.

Signature-based IPS
Signature-based IPS detects intrusions by observing events and identifying patterns which match the signatures of known attacks. An attack signature defines the essential events required to perform the attack, and the order in which they must be performed. Different ID systems represent signatures in different ways. It uses a database table to store the state of the finite state machines representing possible attacks in progress. The MH-5001 has a complete attack database to provide you with corporate-wide real-time protection.

Anomaly-based IPS
Anomaly-based IPS captures all the headers of the IP packets running towards the network. From this, it filters out all known and legal traffic, including Web traffic to the organization's Web server, mail traffic to and from its mail server, outgoing Web traffic from company employees and DNS traffic to and from its DNS server. The anomaly method detects any traffic that is new or unusual. It can, therefore, give early warnings of potential intrusions, because probes and scans are the predecessors of all attacks. The more targeted the probes and scans, the more likely it is that the hacker is serious about attacking your network.

Table 23-1 Signature-based IPS vs. Anomaly-based IPS
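
The signature-based row above describes signatures as ordered event sequences tracked in a state table; the following sketch is an added example, not MH-5001 code or part of the original manual. The event names, the two signatures, the per-signature time window and the sample events are all assumptions constructed for illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts src kind")            # one observed WAN-side event
Signature = namedtuple("Signature", "name steps window")

# Constructed signatures (assumptions, not the MH-5001 attack database):
# each lists the essential events in the order they must be seen.
SIGNATURES = [
    Signature("probe-then-login", ("port_probe", "login_fail", "login_ok"), 60),
    Signature("repeated-login-fail", ("login_fail",) * 3, 30),
]

def detect(events, signatures=SIGNATURES):
    """Return (ts, src, signature name) for every completed signature."""
    table = {}   # state table: (src, signature name) -> (next step index, start ts)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        for sig in signatures:
            key = (ev.src, sig.name)
            step, start = table.get(key, (0, ev.ts))
            # Drop a partial match that has outlived its time window (assumed rule).
            if step and ev.ts - start > sig.window:
                step, start = 0, ev.ts
                table.pop(key, None)
            if ev.kind != sig.steps[step]:
                continue                      # not the next essential event
            step += 1
            if step == len(sig.steps):        # final state reached: raise an alert
                alerts.append((ev.ts, ev.src, sig.name))
                table.pop(key, None)
            else:
                table[key] = (step, start)
    return alerts

# Constructed sample events (documentation address ranges, seconds as timestamps).
SAMPLE = [
    Event(0, "203.0.113.7", "port_probe"),
    Event(2, "198.51.100.9", "login_fail"),
    Event(5, "203.0.113.7", "login_fail"),
    Event(9, "203.0.113.7", "login_ok"),
    Event(50, "198.51.100.9", "login_fail"),
    Event(55, "198.51.100.9", "login_fail"),
    Event(58, "198.51.100.9", "login_fail"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The failed login at second 2 expires before the next one arrives, so the second source only completes its signature at second 58, once three failures fall inside one window.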
Chapter 23
Intrusion Prevention Systems
