ELTEX implements Intrusion Prevention System (IPS) on ESR service routers
17 September 2019Intrusion Prevention System (IPS) – network and computer security software system, which allows you to detect intrusions or other network security violations and organize automatic protection against these threats. IPS is a reliable solution in the field of information security.
ESR routers with an Intrusion Prevention System installed on the network border are able to detect and prevent attacks on the customer’s network, as well as avoid many types of non-targeted attacks through bots. IPS protects the internal network from outside penetration by an incorrect configuration of the border router, as well as vulnerabilities in the software used. In addition, an ESR with an IPS system can be installed internally as a firewall to reduce routing overhead. The combination of the functionality of the border router and the firewall in the ESR allows you to prevent attacks at an early stage and protect all elements of the network.
The ESR software includes built-in rules from open sources - Emerging Threats, and functionality for creating own rules - convenient configuration in the form of a constructor and more flexible - in the format of the rules of the Suricata system. Rules from open sources allow to identify and block malicious programs, DoS attacks, botnets, information events, exploits, zero-day vulnerabilities, SCADA network protocols. It is possible to upload 'black lists' of botnet control centers, sites that spread viruses and malware. Work is underway to integrate the system with the signature database of Kaspersky Lab in this moment.
IPS parameters:
- EVE format support
- Syslog support
- Rule constructor support
- Up to 32 update servers
- Suricata-compatible rules
- Built-in Emerging Threats rules
- Service router features support
Inter alia, the ESR service router can operate in the IDS (Intrusion Detection System) mode. However, the IDS mode does not provide active protection, so modifying the rules and using the device in IPS mode is most preferable.
Using SIEM systems, maximum protection efficiency is achieved, for which you can configure log upload and rotation in IPS - this will allow you to flexibly configure the rules, assess the level of the current threat to the network and conduct an audit in real time.
Licensing is required for the new functionality. To obtain more detailed information, please contact Eltex commercial department: eltex@eltex-co.ru
.png "ips_n (2).png")
