Security
From Wiki@Commgate
Contents |
Intrusion Detection
Overview
| Intrusion Detection | Information |
|---|---|
| Description | An advanced intrusion detection system. |
| Package Name | cc-snort |
| Configuration Page | Network > Security > Intrusion Detection |
The intrusion detection package is included with CommGate Servers to make users more aware of some of the daily hostile traffic that can pass by your Internet connection. The software is able to detect and report unusual network traffic including attempted break-ins, trojans/viruses on your network, and port scans.
Services
New exploits are discovered everyday. The intrusion detection software maintains a uses a list of 2000+ rules. You can receive automatic updates by subscribing to the Intrusion Detection Updates service.
Configuration
The intrusion detection system includes a daily report. Do not panic when you see alerts in this daily report. In fact, it would be quite unusual not to see anything reported. Hostile traffic is a normal part of today's Internet and it is one of the reasons firewalls are necessary. You can find more information about the report here.
Intrusion detection does require some horsepower. If you find your system sluggish, you might want to consider disabling the software.
Security and Policy Rules
There are two different types of rules for the intrusion detection system. The Security rules detect issues related to overall system security, while Policy rules detect issues related to your organization's Internet usage policies. For example, the chat policy rules will detect instant messaging traffic that goes through your CommGate Server.
Links
Snort Intrusion Detection website
Back to top
Intrusion Prevention
Overview
| Intrusion Prevention | Information |
|---|---|
| Description | An advanced intrusion prevention system. |
| Package Name | cc-snortsam |
| Configuration Page | Network > Security > Intrusion Prevention |
| Keywords | SnortSam, Intrusion Prevention |
The intrusion prevention system blocks suspected attackers from your system.
Services
New exploits are discovered everyday. The intrusion detection software maintains and uses a list of 2000+ rules. You can receive automatic updates by subscribing to the Intrusion Detection Updates service.
Configuration
The Intrusion Prevention system displays a list of IP addresses that have been blocked due to inappropriate network traffic.
Description
SID
The SID corresponds to the Intrusion Detection ID that triggered the block. This is a hyper-link that can be followed to reveal more information about the specific conditions that were matched.
Blocked IP
This is the IP address that triggered the block. If this IP address should not be blocked, you can add it to a "don't block" list by clicking on Whitelist under Action.
Date / Time
The date/time fields show when the block occured.
Time Remaining
The remaining block time is listed last. The IP address will be unblocked when this reaches 0.
Action
A blocked host can be added to a Whitelist so it will not be blocked in the future. You can also remove a blocked host using Delete.
Whitelist
If there are IP addresses in your Whitelist they will be listed below the Active Block List. You can delete an entry by choosing Delete under Action.
Troubleshooting
If you find the snortsam software taking a long time to startup on your system, make sure the DNS servers configured for your CommGate Server are working properly.
