F-Secure Client Security 9.00 Administrator's Manual: Configuring Intrusion Prevention; Intrusion Prevention Settings; Configuring IPS for Desktops and Laptops

Configuring intrusion prevention

Intrusion prevention monitors inbound traffic and tries to find intrusion attempts. Intrusion prevention (IPS) can also be used to monitor viruses that try to attack computers in the LAN. Intrusion prevention analyses the payload (the contents) and the header information of an IP packet, and compares this information with the known attack patterns. If the information is similar or identical to one of the known attack patterns, intrusion prevention creates an alert and takes the action it has been configured to take.

Intrusion prevention settings

The intrusion prevention settings can be found in the Intrusion prevention section on the Firewall security levels page.

Enable intrusion prevention
If turned on, intrusion prevention is used to monitor inbound traffic in order to find intrusion attempts. If turned off, intrusion prevention does not monitor traffic.

Action on malicious packet
The options available are:
Log and drop the packet means that the packet is logged into the alertlog with the packet header information (IPs, ports and protocol) and it is not allowed to pass through the intrusion prevention component.
Log without dropping the packet means that the packet is logged into the alertlog with the packet header information (IPs, ports and protocol) but it is also allowed to pass through the intrusion prevention component.

Alert severity
The options available are: No alerting, Informational, Warning, Security alert. Intrusion attempts can be set to use different severities depending on how the administrator or local user wants to see the messages.

Detection sensitivity
This parameter is used for two purposes: it reduces the number of alerts and it also affects the performance of the local machine. If you use a smaller value, the number of false positives is reduced.
10 = maximum network performance, minimum alerts
50 = only 50% (the most important and malicious ones) of the IPS patterns are verified and reported in case of a match.
100 = all preprogrammed patterns are verified and reported in case of a match.
The smaller the number, the fewer patterns are verified.
A recommended value for home users is 100%.
A recommended value for desktops is 25%.

What is a false positive?
A false positive is an alert that wrongly indicates that the related event has happened. In Internet Shield, the alert text usually indicates this by using words like "probable" or "possible". These kinds of alerts should be eliminated or minimized.

F-Secure Client Security | Configuring Internet Shield | 103

Configuring IPS for desktops and laptops

In this example, the IPS is enabled for all the desktops and laptops in two subdomains.
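How the three settings (detection sensitivity, action on malicious packet, alert severity) combine when a packet is inspected, as a small Python model. This is an added example and not F-Secure code or the product's real pattern engine: the patterns, their importance ranking, the sample packet header, and the reading of sensitivity N as "check the N% highest-ranked patterns" (with the alertlog entry written whether or not alerting is enabled) are all constructed assumptions for illustration.

```python
import math
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Pattern:
    name: str
    importance: int   # hypothetical rank: 1 = most important (assumption)
    signature: bytes  # byte sequence that is looked for in the payload


@dataclass
class IpsConfig:
    enabled: bool = True
    action: str = "Log and drop the packet"  # or "Log without dropping the packet"
    severity: str = "Warning"  # No alerting / Informational / Warning / Security alert
    sensitivity: int = 100     # 10..100, as on the settings page


@dataclass
class Verdict:
    forwarded: bool
    log: list = field(default_factory=list)     # alertlog entries: (pattern, header)
    alerts: list = field(default_factory=list)  # messages shown at the chosen severity


# Constructed sample patterns; the importance ranking is an assumption of this model.
PATTERNS = [
    Pattern("constructed-exploit-marker", 1, b"EXPLOIT"),
    Pattern("constructed-probe-marker", 40, b"PROBE"),
    Pattern("constructed-noisy-marker", 90, b"HELLO"),
]


def active_patterns(cfg, patterns=PATTERNS):
    """Sensitivity N is modelled as 'verify the N% most important patterns'."""
    ranked = sorted(patterns, key=lambda p: p.importance)
    keep = max(1, math.ceil(len(ranked) * cfg.sensitivity / 100))
    return ranked[:keep]


def inspect(cfg, header, payload):
    """Compare the packet against the active patterns and apply the configured action."""
    verdict = Verdict(forwarded=True)
    if not cfg.enabled:
        return verdict  # IPS turned off: nothing is inspected or logged
    for p in active_patterns(cfg):
        if p.signature in payload:
            verdict.log.append((p.name, header))  # header info logged on every match
            if cfg.severity != "No alerting":
                verdict.alerts.append(f"[{cfg.severity}] {p.name} from {header['src']}")
            if cfg.action == "Log and drop the packet":
                verdict.forwarded = False  # dropped; "Log without dropping" lets it pass
    return verdict
```

Lowering sensitivity removes the lowest-ranked (noisiest) patterns first, which is why the page recommends a lower value on desktops where false positives matter more than coverage.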
