Security policy filters act both as attack filters and as policy filters. As attack filters, they compare packet contents against recognizable header or data content of a known attack, together with the protocol, the service, and the operating system or software the attack affects. Because a match is only meaningful in context, these filters require knowledge of the deployment and/or of operational policy.
These filters detect traffic that may or may not be malicious and that meets one of the following criteria:
  • Different in its format or content from standard business practice.
  • Aimed at specific software or operating systems.
  • Contrary to your company security policies.
By default, security policy filters are disabled. Configuring them requires knowledge of the installation's network configuration. When enabled, these filters may generate false attack alerts depending on your network or application environment. For example, false alerts can be caused by:
  • Custom or legacy software that uses standard protocols in non-standard ways.
  • Attacks on applications or operating systems that you do not have installed.
  • Activities that could be benign or malicious depending on where they originate.
Note
Scan your network hosts before disabling or creating exceptions to specific attack protection filters. Some operating systems install default services that may be vulnerable to attack. If you disable or add an exception to a filter that protects a service you do not know about, you may increase your network's exposure.
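To make the two halves of this concrete (the attack-filter match on protocol, port and payload content, and the policy decision that depends on what the target host actually runs), here is an added toy model in Python. It is not the product's own code; the filter names, patterns, hosts and packets are constructed sample data, and the verdict names ("disabled", "no-match", "alert", "false-alert") are this example's own. It also shows the check the note above asks for: before disabling a filter or adding an exception, list the scanned hosts that still expose the service the filter protects.

```python
"""Toy model of an IPS security-policy (attack) filter.

Added example, not the product's own code. Filters, hosts and packets below
are constructed sample data. A filter pairs a recognizable payload pattern
with the protocol, destination port and the operating systems the attack
affects; whether a hit is a real alert or a false alert depends on what the
target actually runs, which is the deployment knowledge these filters need.
"""
import re
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Host:
    ip: str
    os: str
    services: frozenset     # (proto, port) pairs a host scan found listening


@dataclass(frozen=True)
class PolicyFilter:
    name: str
    proto: str              # "tcp" or "udp"
    port: int               # port of the service the attack targets
    pattern: bytes          # regex applied to the payload
    affects: frozenset      # operating systems the attack affects
    enabled: bool = False   # security policy filters are disabled by default


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


def matches(flt: PolicyFilter, pkt: Packet) -> bool:
    """Attack-filter part: protocol, service port and payload content."""
    return (flt.proto == pkt.proto and flt.port == pkt.dport
            and re.search(flt.pattern, pkt.payload, re.DOTALL) is not None)


def evaluate(flt: PolicyFilter, pkt: Packet, inventory: dict) -> str:
    """Policy part: classify one packet against one filter.

    A hit is a false alert only when inventory shows the target neither runs
    an affected OS nor exposes the targeted service. Hosts missing from the
    inventory stay "alert": nothing rules them out, which is why you scan
    before adding exceptions.
    """
    if not flt.enabled:
        return "disabled"
    if not matches(flt, pkt):
        return "no-match"
    host = inventory.get(pkt.dst)
    if host is None:
        return "alert"
    if host.os in flt.affects or (flt.proto, flt.port) in host.services:
        return "alert"
    return "false-alert"


def exception_risk(flt: PolicyFilter, inventory: dict) -> list:
    """Hosts that still expose the service the filter protects.

    Run this before disabling the filter or adding an exception; a non-empty
    list means the change would leave those hosts unprotected.
    """
    return sorted(h.ip for h in inventory.values()
                  if (flt.proto, flt.port) in h.services)


# Constructed inventory, as a host scan would produce it.
INVENTORY = {
    "10.0.0.10": Host("10.0.0.10", "Linux", frozenset({("tcp", 22), ("tcp", 80)})),
    "10.0.0.20": Host("10.0.0.20", "Windows", frozenset({("tcp", 135), ("tcp", 445)})),
    "10.0.0.30": Host("10.0.0.30", "Linux", frozenset({("tcp", 22)})),
}

# Constructed filters (hypothetical names and patterns, not vendor signatures).
SMB_LEGACY = PolicyFilter("SMB: legacy SMB1 negotiate", "tcp", 445,
                          rb"\xffSMB", frozenset({"Windows"}))
HTTP_TRACE = PolicyFilter("HTTP: TRACE request", "tcp", 80,
                          rb"^TRACE ", frozenset({"Linux", "Windows"}), enabled=True)

# Constructed packets.
SMB_TO_WINDOWS = Packet("192.0.2.5", "10.0.0.20", "tcp", 445, b"\x00\x00\x00\x45\xffSMBr")
SMB_TO_LINUX = Packet("192.0.2.5", "10.0.0.30", "tcp", 445, b"\x00\x00\x00\x45\xffSMBr")
SMB_TO_UNKNOWN = Packet("192.0.2.5", "10.0.0.99", "tcp", 445, b"\x00\x00\x00\x45\xffSMBr")
TRACE_TO_WEB = Packet("192.0.2.5", "10.0.0.10", "tcp", 80, b"TRACE / HTTP/1.1\r\n")
GET_TO_WEB = Packet("192.0.2.5", "10.0.0.10", "tcp", 80, b"GET / HTTP/1.1\r\n")


def demo() -> dict:
    """Exercise each verdict and the pre-exception check; results by scenario."""
    smb_on = replace(SMB_LEGACY, enabled=True)
    return {
        "disabled_by_default": evaluate(SMB_LEGACY, SMB_TO_WINDOWS, INVENTORY),
        "smb_vs_windows": evaluate(smb_on, SMB_TO_WINDOWS, INVENTORY),
        "smb_vs_linux": evaluate(smb_on, SMB_TO_LINUX, INVENTORY),
        "smb_vs_unknown": evaluate(smb_on, SMB_TO_UNKNOWN, INVENTORY),
        "trace_vs_web": evaluate(HTTP_TRACE, TRACE_TO_WEB, INVENTORY),
        "get_vs_web": evaluate(HTTP_TRACE, GET_TO_WEB, INVENTORY),
        "smb_exception_risk": exception_risk(smb_on, INVENTORY),
        "trace_exception_risk": exception_risk(HTTP_TRACE, INVENTORY),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:22} {verdict}")
```

The SMB packet sent to the Linux host is the "attack on an operating system you do not have installed" case: the filter fires, and only the inventory tells you it is a false alert. The packet to 10.0.0.99 shows the opposite risk: with no scan data for that host, the hit cannot be dismissed, and exception_risk shows that the SMB filter still protects 10.0.0.20, so disabling it to silence the Linux false alert would be the wrong fix.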