Difference between revisions of "Intrusion Prevention FAQs"

From UntangleWiki
(Why aren't most of Intrusion Prevention's rules blocked by default?)
(Is Intrusion Prevention based on an open source project?)
Line 1: Line 1:
 
[[Category:FAQs]]
 
[[Category:FAQs]]
 
=== Is Intrusion Prevention based on an open source project? ===
 
=== Is Intrusion Prevention based on an open source project? ===
Yes, Intrusion Prevention is based on [http://www.snort.org Snort].
+
Yes, Intrusion Prevention is based on [http://suricata-ids.org/ Suricata].
 
 
  
 
=== Why is there no reference information for a specific rule? ===
 
=== Why is there no reference information for a specific rule? ===
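Review bot: the changed answer line under "Is Intrusion Prevention based on an open source project?" now names Suricata, but the answer to "Why is there no reference information for a specific rule?" in this revision still sends readers to Snort Rules to look up a rule ID. Consider updating that pointer in the same edit so the two answers agree with each other and with the Emerging Threat rules this revision describes. The new link is also written as "http://suricata-ids.org/", so it is worth checking whether the site can be linked over https.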

Revision as of 15:11, 12 November 2018

Is Intrusion Prevention based on an open source project?

Yes, Intrusion Prevention is based on Suricata.

Why is there no reference information for a specific rule?

If there is no information link available for a specific rule, you can try searching the rule ID at Snort Rules for more info.


Why aren't most of Intrusion Prevention's rules blocked by default?

Because many rules can block legitimate traffic in addition to malicious exploits, we don't enable blocking by default.

You're free to change the action of any rule as you see fit for your network.

Can Intrusion Prevention rules be configured differently on Policy Manager racks?

No. Intrusion Prevention applies to all traffic flowing through Untangle so different configurations are not possible.


Why has Untangle switched to Emerging Threat rules?

We feel they better reflect real-world uses for our customer environments. By default, more are enabled for logging.


Why is this rule set smaller?

The previous rule set contained a considerable number of rules that were marked deleted.


How does this affect my IPS deployment?

For most customers who configured Intrusion Prevention through the IPS Wizard, there will be more rules enabled for logging and slightly more memory usage. If you had any rules configured to block, those settings could be changed due to removed rules.
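
A check an administrator could run after the rule set switch, as an added example that is not Untangle's code: it parses Suricata-format rule text and reports which previously blocked rule IDs are still active, commented out, or gone. The rule lines, SIDs and the `OLD_BLOCK_SIDS` list are constructed, and how either is exported from the appliance is an assumption left to the reader.

```python
import re

# One Suricata rule line: optional leading '#' (disabled), action, header, (options).
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?P<action>alert|drop|reject|pass)\s+.*?\((?P<opts>.*)\)\s*$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')

def parse_rules(text):
    """Return {sid: {"action", "enabled", "msg"}} for every rule line in text."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        sid = SID_RE.search(m.group("opts")) if m else None
        if not sid:
            continue  # comment, blank line, or rule without a sid
        msg = MSG_RE.search(m.group("opts"))
        rules[int(sid.group(1))] = {
            "action": m.group("action"),
            "enabled": m.group("off") is None,
            "msg": msg.group(1) if msg else "",
        }
    return rules

def audit_block_list(block_sids, new_rules_text):
    """Sort previously blocked SIDs into present, disabled, and removed."""
    rules = parse_rules(new_rules_text)
    report = {"present": [], "disabled": [], "removed": []}
    for sid in sorted(block_sids):
        if sid not in rules:
            report["removed"].append(sid)    # block setting has nothing to attach to
        elif not rules[sid]["enabled"]:
            report["disabled"].append(sid)   # rule shipped commented out
        else:
            report["present"].append(sid)
    return report

# Constructed sample rule set (SIDs and messages are made up for illustration).
NEW_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE SMB probe"; flow:to_server; sid:9000001; rev:3;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE old UA (deleted)"; sid:9000002; rev:7;)
drop udp any any -> $HOME_NET 53 (msg:"EXAMPLE DNS anomaly"; sid:9000004; rev:1;)
'''

# Constructed list of SIDs that were set to block before the switch (assumption).
OLD_BLOCK_SIDS = {9000001, 9000002, 9000003}

if __name__ == "__main__":
    print(audit_block_list(OLD_BLOCK_SIDS, NEW_RULES))
```

SIDs reported as removed or disabled are the ones whose block action no longer takes effect and should be reviewed by hand.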