About Intrusion Prevention Service
Intrusions are direct attacks on your computer. Usually the attack exploits a vulnerability in an application. These attacks are created to cause damage to your network, get sensitive information, or use your computers to attack other networks.
Intrusion Prevention Service (IPS) provides real-time protection from threats, including spyware, SQL injections, cross-site scripting, and buffer overflows. When a new attack is identified, the features that make the intrusion attack unique are recorded. These recorded features are known as the signature. IPS uses these signatures to identify intrusion attacks.
By default, when you enable and configure IPS, the IPS configuration applies globally to all traffic. You can also choose to disable IPS on a per-policy basis.
IPS Threat Levels
IPS categorizes IPS signatures into five threat levels, based on the severity of the threat. The severity levels, from highest to lowest are:
When you enable IPS, the default setting is to drop and log traffic that matches the Critical, High, Medium, or Low threat levels. Traffic that matches the information threat level is allowed and not logged by default.
Add the IPS Upgrade
To enable IPS, you must:
Keep IPS Signatures Updated
New intrusion threats appear on the Internet frequently. To make sure that IPS gives you the best protection, you must update the signatures frequently. You can configure the Firebox to update the signatures automatically from WatchGuard, as described in Configure the IPS Update Server.
IPS and Application Control signature updates are delivered together in the same update file. The size of the IPS signature set depends on your Firebox hardware platform and software version. For more information, see IPS and Application Control signature set sizes.
See IPS Status
To see statistics on current IPS activity and update the IPS signatures, from Firebox System Manager. For more information, see Application Control and Intrusion Prevention Service Statistics.
To see statistics on current IPS activity and update the IPS signatures, from Fireware Web UI, go to the Dashboard > Subscription Services page. For more information, see Subscription Services Status and Manual Signatures Updates.