IPS

Purpose

The IPS object represents an Intrusion Prevention System. It closely resembles the previously described IDS, with the additional capability of blocking communication when it detects suspicious communication behavior or patterns.

Connections

IPS and Neighboring Objects

| Object | Connection | Description | Function |
|---|---|---|---|
| Router | IPS Execution | A connection to a Router denotes that the IPS is actively trying to prevent intrusions via all Dataflows passing through the Router. | Without a connected Router, the IPS is not activated. |
| Dataflow | Protection | A connection to a Dataflow denotes that the IPS is actively trying to prevent intrusions via the connected Dataflows (given that they are not encrypted). | A missing Dataflow will reduce the time needed to attack through the Dataflow (given that there is no explicit association between the Dataflow and the IPS’s Router). |

Attack Steps and Defenses

Attack Steps and Defenses of IPS

| Attack Step | Description |
|---|---|
| No attack steps | There are no attack steps that directly target an IPS in SecuriLang. |

| Defense | Description | Impact | Default |
|---|---|---|---|
| Enabled | An Enabled IPS denotes that it is installed, configured and performs stateful inspection and packet filtering as expected. | An IPS on a Router adds time to compromise all protected (and unencrypted) Dataflows. | On |
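
The connection and defense rules above can be checked mechanically over a model to find Dataflows the IPS does not cover. The following Python is an added example, not securiCAD or SecuriLang code: the class names, `ips_coverage`, and the sample Dataflows are hypothetical, and it assumes a directly connected Dataflow still requires the IPS to be activated by a Router.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Dataflow:
    name: str
    encrypted: bool = False

@dataclass
class Router:
    name: str
    dataflows: List[Dataflow] = field(default_factory=list)  # flows passing through

@dataclass
class IPS:
    enabled: bool = True                 # "Enabled" defense, default On
    router: Optional[Router] = None      # "IPS Execution" connection
    dataflows: List[Dataflow] = field(default_factory=list)  # "Protection" connections

def ips_coverage(ips, all_dataflows):
    """Map each Dataflow name to (covered, reason). "Covered" means the IPS
    adds time to compromise that Dataflow, as the Impact column states."""
    report = {}
    for df in all_dataflows:
        if not ips.enabled:
            verdict = (False, "Enabled defense is Off")
        elif ips.router is None:
            verdict = (False, "no Router connected, IPS not activated")
        elif df.encrypted:
            verdict = (False, "Dataflow is encrypted")
        elif df in ips.router.dataflows:
            verdict = (True, "passes through the IPS's Router")
        elif df in ips.dataflows:
            verdict = (True, "connected directly to the IPS")
        else:
            verdict = (False, "no association with the IPS or its Router")
        report[df.name] = verdict
    return report

def sample_report():
    # Constructed sample model, not taken from the page.
    web, vpn = Dataflow("web-http"), Dataflow("vpn-tunnel", encrypted=True)
    db, backup = Dataflow("db-sync"), Dataflow("backup")
    ips = IPS(router=Router("edge", [web, vpn]), dataflows=[db])
    return ips_coverage(ips, [web, vpn, db, backup])

if __name__ == "__main__":
    for name, (covered, reason) in sample_report().items():
        print(f"{name:12} {'covered' if covered else 'NOT covered'}: {reason}")
```

Dataflows reported as not covered are the ones to review in the model: encrypted flows the IPS cannot inspect, and flows with no association to the IPS or its Router.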