Preventing Attacks; How Intrusion Detection And Prevention Works - Symantec 360R - Security Gateway SGS Administration Manual

Gateway security 300 series

Chapter 8

Preventing attacks

This chapter includes the following topics:

How intrusion detection and prevention works
Setting protection preferences
Enabling advanced protection settings

The Symantec Gateway Security 300 series appliance provides intrusion detection and prevention services (IDS and IPS). The IDS and IPS functions are enabled by default, and provide atomic packet protection. You may disable IDS and IPS functionality at any time.

Note: An atomic IDS and IPS signature is defined as a signature based on a single IP packet.

How intrusion detection and prevention works

The appliance defends against and logs fragmentation attacks, IP option attacks, buffer overflow attacks, port scans, oversize packet spoof, and flood attacks.

Any traffic arriving on the inside or outside of the unit with an uncommon set of IP option settings is blocked.

IDS/IPS logs events, which are identified in the Status screen. WAN-side IDS/IPS logging is enabled by default. If IDS logging is disabled, the appliance still blocks any connection attempt to an unauthorized service for inbound connections. However, when the Trojan horse lookup service is disabled, only an access denied message is logged.

The number of log messages that are tracked depends on the attack type. Unlimited management login attempts are logged. Attack logging is limited to
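The following Python example is added here to illustrate what an atomic, single-packet check of the kind described in this chapter involves; it is not code from the manual or from the appliance. It inspects one IPv4 header for flagged IP options and for a fragment that would reassemble past the maximum datagram size. The set of options treated as uncommon, the function names, and the sample headers are assumptions constructed for the example.

```python
import struct

# Option types flagged as "uncommon". This set is an assumption made for the
# example; the manual does not list which options the appliance blocks.
UNCOMMON_OPTIONS = {7: "record route", 68: "timestamp",
                    131: "loose source route", 137: "strict source route"}

def parse_options(raw):
    """Walk the IPv4 options area; return the option type numbers present."""
    found, i = [], 0
    while i < len(raw) and raw[i] != 0:      # type 0 = End of Option List
        if raw[i] == 1:                      # type 1 = No-Operation, one byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option length")
        found.append(raw[i])
        i += raw[i + 1]
    return found

def inspect_packet(pkt):
    """Return findings for one IPv4 header; an empty list means it passes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["not an IPv4 header"]
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(pkt):
        return ["bad header length"]
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    findings = []
    try:
        findings += ["ip option: " + UNCOMMON_OPTIONS[k]
                     for k in parse_options(pkt[20:ihl]) if k in UNCOMMON_OPTIONS]
    except ValueError as exc:
        findings.append(str(exc))
    # A fragment that would end past 65535 bytes cannot belong to a legal datagram.
    if (frag & 0x1FFF) * 8 + total_len > 65535:
        findings.append("oversize fragment")
    return findings

def build_header(options=b"", frag=0, total_len=None):
    """Constructed sample input: header only, checksum left at zero."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    total = ihl * 4 if total_len is None else total_len
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 1, frag, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + options

if __name__ == "__main__":
    print(inspect_packet(build_header(bytes([131, 7, 4, 192, 0, 2, 9]))))
```

Because every decision uses only the fields of the packet in hand, the check needs no connection state, which is what makes a signature atomic in the sense of the note above.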

This manual is also suitable for: 320, 360