Intrusion Prevention System (IPS) - Allied Telesis AR Series Technical Manual

Feature overview and configuration guide advanced network protection

Feature Overview
URL Filtering
Stream-based URL filtering provides a fast, efficient method of controlling access to websites
that are known to be undesirable. It acts on a global basis and should be used when traffic is to
be blocked for everyone on the blacklist, or allowed for selective URLs as configured in a
whitelist.
For more information about how it works, see "URL filtering". To configure this feature, see
"Configuring URL filtering".
Updating service files
Some of these features involve a partnership with a third-party security specialist. These specialists
provide algorithmic engines and pattern files to match signatures of known viruses, attack
sequences and the like. The pattern files are frequently updated (some are updated multiple times a
day) and made available for download on the Allied Telesis update server. The AR-Series UTM
firewalls automatically check the Allied Telesis download server for new updates to pull down.
Performance
Enabling advanced network protection features significantly increases traffic processing and
therefore CPU load. For information and guidance about the performance and security implications
of enabling these features, and of stream and proxy processing methods, see "Selecting a Security
Solution".
On the AR4050S, the UTM Offload feature can improve network forwarding performance by
offloading some of the advanced security feature processing to another virtual or physical machine.
This is automatically managed by the AR4050S. See "UTM Offload".

Intrusion Prevention System (IPS)

This feature is supported from AlliedWare Plus version 5.4.5 or later.
AlliedWare Plus Intrusion Prevention System (IPS) inspects inbound and outbound traffic to identify
and log suspicious network activity; it proactively counteracts malicious threats. IPS uses the
Suricata IDS/IPS engine to monitor and compare threats against an IDS database of known threat
signatures.
This section describes how IPS works. To configure this feature, see "Configuring Intrusion
Prevention System (IPS)".
AlliedWare Plus IPS monitors inbound and outbound traffic and identifies suspicious or malicious
traffic which may bypass your firewall or could be originating from inside your network.
AlliedWare Plus IPS enhances your network visibility and allows you to control the network by
enforcing compliance with security policy.
AlliedWare Plus IPS is stream-based and there is no delay in detection and prevention. The IPS
engine monitors network traffic and detects malicious activity in real-time by comparing the threat's
characteristics and patterns against known malicious threats stored in a signature database.
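An added illustration (not AlliedWare Plus or Suricata code) of what stream-based matching means in practice: the matcher carries its state across segment boundaries, so a signature split over two segments is flagged as soon as its last byte arrives. Aho-Corasick is used here as one illustrative multi-pattern matcher; the signatures, the class and function names, and the sample traffic are constructed for the example.

```python
from collections import deque
# Constructed signature database (illustrative byte patterns, not real IPS rules).
SIGNATURES = {b"cmd.exe /c": "SIG-1 shell invocation", b"../../etc/passwd": "SIG-2 path traversal"}

def build_automaton(patterns):
    """Build an Aho-Corasick automaton: goto table, failure links, outputs."""
    goto, fail, out = [{}], [0], [[]]
    for pat in patterns:
        s = 0
        for b in pat:
            if b not in goto[s]:
                goto.append({})
                fail.append(0)
                out.append([])
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        out[s].append(pat)
    queue = deque(goto[0].values())
    while queue:  # breadth-first, so shallower failure targets are already final
        s = queue.popleft()
        for b, t in goto[s].items():
            queue.append(t)
            f = fail[s]
            while f and b not in goto[f]:
                f = fail[f]
            fail[t] = goto[f].get(b, 0)
            out[t] = out[t] + out[fail[t]]
    return goto, fail, out

class FlowInspector:
    """Per-flow matcher; inspect() returns (stream_offset, signature) alerts."""
    def __init__(self, automaton, signatures):
        self.goto, self.fail, self.out = automaton
        self.signatures, self.state, self.offset = signatures, 0, 0
    def inspect(self, segment):
        alerts = []
        for b in segment:  # only the automaton state is kept between segments
            while self.state and b not in self.goto[self.state]:
                self.state = self.fail[self.state]
            self.state = self.goto[self.state].get(b, 0)
            self.offset += 1
            alerts += [(self.offset, self.signatures[p]) for p in self.out[self.state]]
        return alerts

def inspect_flow(segments):
    insp = FlowInspector(build_automaton(SIGNATURES), SIGNATURES)
    return [insp.inspect(seg) for seg in segments]  # one alert list per segment
# Constructed traffic: the second signature straddles a segment boundary.
SAMPLE = [b"GET /download?file=../../et", b"c/passwd HTTP/1.1\r\n", b"Host: example.test\r\n\r\n"]
```

Matching each segment in isolation finds nothing in `SAMPLE`, while `inspect_flow(SAMPLE)` raises the alert while processing the second segment, without buffering the whole payload first.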
C613-22104-00 REV B | Advanced Network Protection | Intrusion Prevention System (IPS) | Page 10


This manual is also suitable for:

AR3050S, AR4050S
