
Security - Intrusion Prevention


Overview

Intrusion Prevention Information
Description: An advanced intrusion prevention system.
Package Name: cc-snortsam
Configuration Page: Network > Security > Intrusion Prevention
Keywords: SnortSam, Intrusion Prevention


The intrusion prevention system blocks suspected attackers from your system.

Services

New exploits are discovered every day. The intrusion detection software maintains and uses a list of 2000+ rules. You can receive automatic updates by subscribing to the Intrusion Detection Updates service.

Configuration

The Intrusion Prevention system displays a list of IP addresses that have been blocked due to inappropriate network traffic.

Description

SID

The SID corresponds to the Intrusion Detection ID that triggered the block. It is a hyperlink that you can follow to see more information about the specific conditions that were matched.

Blocked IP

This is the IP address that triggered the block. If this IP address should not be blocked, you can add it to a "don't block" list by clicking on Whitelist under Action.

Date / Time

The date/time fields show when the block occurred.

Time Remaining

The remaining block time is listed last. The IP address will be unblocked when this reaches 0.

Action

A blocked host can be added to a Whitelist so it will not be blocked in the future. You can also remove a blocked host using Delete.

Whitelist

If there are IP addresses in your Whitelist, they will be listed below the Active Block List. You can delete an entry by choosing Delete under Action.

Troubleshooting

If you find the snortsam software taking a long time to start up on your system, make sure the DNS servers configured for your ClarkConnect system are working properly.


This page was last modified 20:51, 7 August 2007.