Networking and Security Basics

2

 


NOTE Since the router is a device that connects two networks, it needs two IP addresses—one for the LAN, and one for the Internet. In this Administration Guide, you’ll see references to the “Internet IP address” and the “LAN IP address”.

Since the router uses NAT technology, the only IP address that can be seen from the Internet for your network is the router’s Internet IP address. However, even this Internet IP address can be blocked so the router and network seem invisible to the Internet.

The Intrusion Prevention System (IPS)

IPS is an advanced technology to protect your network from malicious attacks. IPS works together with your SPI Firewall, IP Based Access Control List (ACL), Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to achieve the highest level of security. IPS works by providing real-time detection and prevention as an in-line module in a router.

The RVS4000 has hardware-based acceleration for real-time pattern matching to detect malicious attacks. It actively filters and drops malicious TCP/UDP/ICMP/IGMP packets and can reset TCP connections. This feature prevents network worm attacks against client PCs and servers with various operating systems including Windows, Linux, and Solaris. However, this system does not prevent viruses contained in email attachments.

The P2P (Peer-to-Peer) and IM (Instant Messaging) control allows the system administrator to prevent network users from using those protocols to communicate with people over the Internet. This helps administrators set company policies on how to use Internet bandwidth wisely.

The signature file is the heart of the IPS system. It is similar to the virus definition file in your PC’s Anti-Virus software. IPS matches packets coming into the router against this file and performs actions accordingly. The RVS4000 has a signature file that contains 1000+ rules, which cover these categories: DDoS, Buffer Overflow, Access Control, Scan, Trojan Horse, Misc., P2P, IM, Virus, Worm, and Web Attacks.

Customers are encouraged to update their IPS signature file regularly to protect against new types of attacks on the Internet.
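The signature matching described above can be sketched as follows. This is an added illustration, not Cisco code and not the RVS4000 signature format: the `Signature` and `Packet` structures, the rule ids, and the sample patterns are all constructed assumptions. It shows an in-line check that forwards, drops, or resets, with reset reserved for TCP.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Signature:
    sid: int                # rule id (constructed)
    category: str           # one of the categories the guide lists
    proto: str              # "tcp", "udp", "icmp" or "igmp"
    dport: Optional[int]    # None matches any destination port
    pattern: bytes          # byte string searched for in the payload
    action: str             # "drop" or "reset"


@dataclass(frozen=True)
class Packet:
    proto: str
    dport: Optional[int]
    payload: bytes


# Constructed sample rules; the guide does not show the real signature format.
SIGNATURES = [
    Signature(1001, "Web Attacks", "tcp", 80, b"/../../", "reset"),
    Signature(1002, "P2P", "tcp", None, b"\x13BitTorrent protocol", "drop"),
    Signature(1003, "DDoS", "icmp", None, b"CONSTRUCTED-MARKER", "reset"),
]


def inspect(pkt: Packet, signatures=SIGNATURES) -> Tuple[str, Optional[int]]:
    """Return (verdict, matching rule id); the first matching rule wins."""
    for sig in signatures:
        if sig.proto != pkt.proto:
            continue
        if sig.dport is not None and sig.dport != pkt.dport:
            continue
        if sig.pattern not in pkt.payload:
            continue
        # Only TCP has a connection to reset; other protocols are dropped.
        return (sig.action if pkt.proto == "tcp" else "drop"), sig.sid
    return "forward", None


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("tcp", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
        Packet("tcp", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
        Packet("tcp", 6881, b"\x13BitTorrent protocol" + b"\x00" * 8),
        Packet("icmp", None, b"xxCONSTRUCTED-MARKERxx"),
    ]
    for p in samples:
        print(p.proto, p.dport, inspect(p))
```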

Cisco RVS4000 Security Router with VPN Administrator Guide
