Digital Vaccine Filters

Digital Vaccine Filters block attacks and other malicious traffic from the network. Filters come with a set of recommended (default) settings which specify the filter status (enabled or disabled), the type of action to be taken when the filter is triggered (action set defined to permit or block traffic and/or send a notification) and the Adaptive Filter Configuration (see page 60) setting (on or off). Users can accept the default settings, or override them based on network security needs. Digital Vaccine filters are categorized in the following groups: Application Protection (see page 308), Infrastructure Protection (see page 310), and Performance Protection (see page 311).

Digital Vaccine filters are created by the Threat Management team, which monitors global network security threats and continually develops new attack filters. These filters are automatically distributed to preemptively protect against the exploitation of new and zero-day vulnerabilities. Updates are distributed using Digital Vaccine Packages.

Digital Vaccine Package

Downloadable software update that includes Digital Vaccine filters that provide the most current IPS protection for your network. The Digital Vaccine Package is available from the Threat Management Center (TMC) (https://tmc.tippingpoint.com). Devices can also be configured to download and install Digital Vaccine Packages automatically.

DDoS filters

Group of infrastructure protection filters that detect denial-of-service attacks that flood a network with requests, including traditional SYN floods, DNS request floods against nameservers, and attempts to use protected systems as reflectors or amplifiers in attacks against third parties. These filters detect direct flood attacks and attacks hidden within larger packets and requests. DDoS filters include the SYN Proxy, Connection Flood, and CPS Flood filters.

Exploit filters

Filters that protect software from malicious attacks across a network by detecting and blocking the request. Exploits are attacks against a network using weaknesses in software such as operating systems and applications. These attacks usually take the form of intrusion attempts and attempts to destroy or capture data. These filters are part of the Application Protection (see page 308) filter category.

filter

Policy consisting of rules and conditions used to detect and manage malicious traffic on a network. Each filter includes category settings and an action set with instructions for managing data when the filter is triggered. The LSM includes various types of filters, including Digital Vaccine filters in the Performance Protection (see page 311), Application Protection (see page 308), and Infrastructure Protection (see page 310) categories, along with traffic management, traffic threshold, and DDoS filters.

Identity Theft filters

Filters that protect end users from phishing attacks by detecting and blocking connections to known phishing sites and attacks. A phishing attack is typically an email or web site that has been spoofed to appear as if it is from a well-known financial or transaction institution. The attacks are usually geared to obtain account information from the end user. These filters are part of the Application Protection (see page 308) filter category.

X Family LSM User’s Guide V 2.5.1
