c_about_ips_prof
Each security policy can specify an intrusion protection profile that determines the level of protection against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities. The default profile protects clients and servers from all known critical-, high-, and medium-severity threats.
Intrusion Prevention integrates a high-performance Deep Packet Inspection architecture and dynamically updated signature database to deliver complete network protection from application exploits, worms and malicious traffic. In addition, Intrusion Prevention provides access control for Instant Messenger (IM) and Peer to Peer (P2P) applications.
Customized profiles can be used to minimize vulnerability checking for traffic between trusted security zones, and to maximize protection for traffic received from untrusted zones, such as the Internet, as well as the traffic sent to highly sensitive destinations, such as server farms.
Categories for which the block or monitor action can be set include:
Miscellaneous—such as SIP Foundry sipiXtapi Buffer Overflow
File transfer server—such as NetTerm NetFTPF User Buffer Command or 3Com 3CDaemon FTP server overflow
Web server—such as Microsoft Windows Explorer Drag and Drop Remote Code Execution, Microsoft IIS WebDAV Long Request Buffer Overflow, and others
General server—Microsoft SSL PCT Buffer Overflow Vulnerability, Solaris Telnetd User Authentication Bypass Vulnerability, and others
Client—such as Microsoft Visual Studio WMI Object Broker Unspecified Code Execution, Microsoft Internet Explorer XMLHTTP ActiveX Control setRequestHeader Code Execution, and others
IM—IBM Lotus Sametime Multiplexer Buffer Overflow, MSN MSNP2P Message Integer Overflow, and others
Message server—Sendmail Signal Race Vulnerability, Microsoft Exchange SMTP Service Extended Verb Request Buffer Overflow, and others.
See also: