ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual

Using the Intrusion Prevention System

The Intrusion Prevention System (IPS) of the UTM monitors all network traffic to detect, in real-time, network attacks and port scans and to protect your network from such intrusions. You can set up alerts, block source IP addresses from which port scans are initiated, and drop traffic that carries attacks. You can configure detection of and protection from specific attacks such as Web, e-mail, database, malware, and other attacks. The IPS differs from the malware scan mechanism (see “Configuring Web Malware Scans” on page 6-21) in that it monitors individual packets whereas the malware scan mechanism monitors files.

The IPS also allows you to configure port scan detection to adjust it to your needs and to protect the network from unwanted port scans that could compromise the network security.

The IPS is disabled by default. To enable intrusion prevention and configure port scan detection:

1. Select Network Security > IPS from the menu. The IPS submenu tabs appear, with the Global (IPS) screen in view.

Figure 5-30

2. To enable the IPS, select the ON radio button. The default setting is OFF.

3. Configure port scan detection by selecting one of the following radio buttons:

OFF. Port scan detection is disabled. This is the default setting.

ALERT. When a port is scanned, an alert is e-mailed to the administrator that is specified in the Email Notification screen.

Block Source IP. When a port is scanned, the IP address of the PC or device that scans the port is blocked for the duration that you specify in the Seconds field. The default setting is 300 seconds.

4. Click Apply to save your settings.
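
The sketch below is an added illustration, not NETGEAR code and not part of the original manual: it replays the same traffic under each of the three port scan detection settings to show how their effect on forwarding differs. The scan heuristic (5 distinct ports within 10 seconds), the name `run_ips`, and the sample events are assumptions constructed for this example; the manual does not state the UTM's detection thresholds or whether the packet that triggers a block is itself dropped.

```python
from collections import defaultdict

# Assumed heuristic (not documented in the manual): a source that probes
# SCAN_PORTS or more distinct ports within WINDOW seconds counts as a scan.
SCAN_PORTS = 5
WINDOW = 10

def run_ips(events, mode="OFF", block_seconds=300):
    """Replay time-ordered (ts, src_ip, dst_port) events under one setting.

    mode is "OFF", "ALERT" or "BLOCK" (Block Source IP); block_seconds
    mirrors the Seconds field, whose default is 300.
    """
    if mode not in ("OFF", "ALERT", "BLOCK"):
        raise ValueError(f"unknown mode: {mode}")
    recent = defaultdict(list)   # src -> [(ts, port)] seen inside the window
    blocked_until = {}           # src -> time at which the block expires
    out = {"forwarded": [], "dropped": [], "alerts": [], "blocks": []}
    for ts, src, port in events:
        if blocked_until.get(src, 0) > ts:          # block still active
            out["dropped"].append((ts, src, port))
            continue
        if mode != "OFF":
            hist = [(t, p) for t, p in recent[src] if ts - t < WINDOW]
            hist.append((ts, port))
            recent[src] = hist
            if len({p for _, p in hist}) >= SCAN_PORTS:
                recent[src] = []                    # start a fresh count
                if mode == "ALERT":
                    out["alerts"].append((ts, src)) # notify, keep forwarding
                else:
                    blocked_until[src] = ts + block_seconds
                    out["blocks"].append((ts, src))
                    out["dropped"].append((ts, src, port))
                    continue
        out["forwarded"].append((ts, src, port))
    return out

# Constructed sample traffic (documentation address ranges).
SCANNER, CLIENT = "203.0.113.7", "192.0.2.10"
EVENTS = sorted(
    [(t, SCANNER, p) for t, p in [(0, 21), (1, 22), (2, 23), (3, 25), (4, 80),
                                  (5, 443), (100, 8080), (304, 80)]]
    + [(t, CLIENT, 443) for t in (1, 2, 3)]
)

if __name__ == "__main__":
    for m in ("OFF", "ALERT", "BLOCK"):
        r = run_ips(EVENTS, m)
        print(m, {k: len(v) for k, v in r.items()})
```

With the default 300 seconds, the scanning source stays blocked from the moment of detection (t=4) until t=304, while the unrelated client is never affected.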

Firewall Protection


v1.0, September 2009
