Intrusion Prevention FAQs

From UntangleWiki
Revision as of 21:03, 22 July 2015 by Lgraves (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Is Intrusion Prevention based on an open source project?

Yes, Intrusion Prevention is based on Snort.


Why is there no reference information for a specific rule?

If there is no information link available for a specific rule, you can try searching the rule ID at Snort Rules for more info.


Why aren't most of Intrusion Prevention's rules blocked by default?

Because many rules can block non-malicious traffic in addition to malicious exploits we don't turn them all on by default. To make things easy for you, we've evaluated each rule and determined the appropriate default settings for each rule using the following criteria:

  • If the rule is always known to block malicious exploits, Intrusion Prevention blocks and logs this rule by default.
  • If the rule is sometimes known to block malicious exploits, Intrusion Prevention logs this rule by default.
  • If the rule is never known to block malicious exploits, Intrusion Prevention neither blocks nor logs this rule by default.

You're free to change the action of all rules as you see fit for your network.


Can Intrusion Prevention rules be configured differently on Policy Manager racks?

No. Intrusion Prevention applies to all traffic flowing through Untangle so different configurations are not possible.