The Intrusion Prevention System is responsible for monitoring and analyzing network traffic in order to identify malicious code traffic and attacks. Subscription-based; rules and sensors he is able to analyze the content of all traffic passing through the network, he is responsible for identifying targeted and persistent applications and threats and blocking them. Integrated with a base of electronic signatures it acts in the application layer, capable of analyzing the contents of the packages in real time, identifying and blocking the package or even the origin IP.

Based on signatures, rules and sensors, it compares and analyzes the content of all “Redirected” Inbound/Outbound traffic to it through  detection mechanisms: signatures, protocol anomalies, application control and generates the records of all identified packages in its signature base, whether it is the execution of unauthorized applications, an invasion attempt, or an attack directed to the equipment itself, suporting some techniques such as: IP Packet Fragmentation, Stream Segmentation, RPC Fragmentation, URL Obfuscation, HTML Obfuscation, Payload Encoding, FTP Evasion and Layered Evasions.

The IPS also supports the following VoIP protocols verification:H.323, SIP, MGCP and SCCP.

By default, IPS has more than 72.835 signatures (information validated on November 25, 2021).

It is worth mentioning that this total amount of subscriptions is dynamic and these subscriptions are managed by the Blockbit Labs Team.

To access this screen, just select the option “Intrusion Prevention”.

Services - Intrusion Prevetion

The screen below will appear:

Intrusion Prevention

The Intrusion Prevention screen has the following tabs:

Next we will analyze the components of the Profiles tab.

  • No labels