3 IPS Filtering

LSM Navigation describes the LSM interface, how to log in, and the general sections of the application.

Overview

The X family provides the TippingPoint™ Intrusion Prevention System (IPS) with Digital Vaccine (DV) filters that can be used to police your network to screen out malicious or unwanted traffic such as:

Vulnerability Attacks and Exploits

Worms

Spyware

Peer-to-Peer applications

In addition to the Digital Vaccine filters, the IPS function also provides Traffic Threshold filters you can use to profile and shape network bandwidth.

All IPS filtering occurs inline on traffic that has been permitted through the X family firewall. Filtering is performed by the Threat Suppression Engine, custom software designed to detect and block a broad range of attacks at high speed. When a packet matches an IPS filter, the X family device handles the packet based on the Action configured on the filter. For example, if the action set is Block, then the packet is dropped. The X family device provides default actions to block or permit traffic, with options to quarantine or rate-limit traffic and to notify users or systems when an action executes. Logging options are also available so you can review the types of traffic being filtered by the device. You can customize the default Actions, or create your own based on your network requirements.

A Security Profile defines the traffic to be monitored and the DV filters to be applied. Traffic monitoring is based on security zone pairs. For example, to create a Security Profile to monitor traffic coming from the WAN zone to the LAN zone, you select the security zone pair WAN ==> LAN. Then, you can configure the DV filters to apply to that zone pair. The security zone pair specifies both the zone and the traffic direction, which allows you to define separate Security Profiles for traffic in and out of a zone.
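The following is an added example, not code from this guide or from the device: a simplified Python model of the flow described above, showing that IPS filters see only firewall-permitted traffic and that a Security Profile is selected by the ordered zone pair. All names (Packet, Filter, SecurityProfile, inspect, the filter names and byte patterns) are hypothetical, and the substring match is a constructed stand-in for the Threat Suppression Engine.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    payload: bytes

@dataclass
class Filter:
    name: str
    pattern: bytes   # constructed stand-in for a DV filter signature
    action: str      # "Block" or "Permit"

@dataclass
class SecurityProfile:
    zone_pair: tuple  # ordered: (source zone, destination zone)
    filters: list
    log: list = field(default_factory=list)

def inspect(packet, firewall_permits, profiles):
    """Return 'firewall-deny', 'no-profile', 'drop' or 'forward'."""
    # IPS filtering only sees traffic the firewall has already permitted.
    if not firewall_permits(packet):
        return "firewall-deny"
    # Profiles are keyed on the ordered pair, so direction matters.
    profile = next((p for p in profiles
                    if p.zone_pair == (packet.src_zone, packet.dst_zone)), None)
    if profile is None:
        return "no-profile"  # device behaviour here is not covered on this page
    for f in profile.filters:
        if f.pattern in packet.payload:
            profile.log.append((f.name, f.action))  # logging option
            return "drop" if f.action == "Block" else "forward"
    return "forward"

# Constructed sample configuration: one profile per direction.
PROFILES = [
    SecurityProfile(("WAN", "LAN"), [Filter("worm-sig", b"EVIL", "Block"),
                                     Filter("p2p-sig", b"P2P", "Permit")]),
    SecurityProfile(("LAN", "WAN"), [Filter("spyware-beacon", b"BEACON", "Block")]),
]

def permit_all_but_dmz(pkt):  # constructed stand-in for the firewall policy
    return pkt.dst_zone != "DMZ"

if __name__ == "__main__":
    for pkt in [Packet("WAN", "LAN", b"xxEVILxx"), Packet("LAN", "WAN", b"xxEVILxx")]:
        print(pkt.src_zone, "==>", pkt.dst_zone, inspect(pkt, permit_all_but_dmz, PROFILES))
```

The same payload is dropped on WAN ==> LAN but forwarded on LAN ==> WAN, because the two directions are covered by separate profiles with different filters.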

X Family LSM User’s Guide V 2.5.1
