Each security policy can specify an intrusion protection profile that determines the level of protection against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities. The default profile protects clients and servers from all known critical-, high-, and medium-severity threats.
Intrusion Prevention integrates a high-performance Deep Packet Inspection architecture and a dynamically updated signature database to deliver complete network protection from application exploits, worms, and malicious traffic. In addition, Intrusion Prevention provides access control for Instant Messenger (IM) and Peer-to-Peer (P2P) applications.
Use customized profiles to minimize vulnerability checking for traffic between trusted security zones and to maximize protection for traffic received from untrusted zones (Internet) as well as the traffic sent to highly sensitive destinations (server farms).
In Deep Edge, you can define the filtering rule criteria and then select which IPS rules apply to traffic.
Categories for block or monitor actions:
- Miscellaneous—SIP Foundry sipiXtapi Buffer Overflow
- File transfer server—NetTerm NetFTPF User Buffer Command or 3Com 3CDaemon FTP server overflow
- Web server—Microsoft Windows Explorer Drag and Drop Remote Code Execution, Microsoft IIS WebDAV Long Request Buffer Overflow, and others
- General server—Microsoft SSL PCT Buffer Overflow Vulnerability, Solaris Telnetd User Authentication Bypass Vulnerability, and others
- Client—Microsoft Visual Studio WMI Object Broker Unspecified Code Execution, Microsoft Internet Explorer XMLHTTP ActiveX Control setRequestHeader Code Execution, and others
- IM—IBM Lotus Sametime Multiplexer Buffer Overflow, MSN MSNP2P Message Integer Overflow, and others
- Message server—Sendmail Signal Race Vulnerability, Microsoft Exchange SMTP Service Extended Verb Request Buffer Overflow, and others