IPS

Purpose

The IPS object represents an Intrusion Prevention System. It is largely similar to the previously described IDS functionality, but has the additional capability of blocking communication in case of suspicious communication behavior or patterns.

Connections

| Object | Connection | Description | Function |
| --- | --- | --- | --- |
| Router | IPS Execution | A connection to a Router denotes that the IPS is actively trying to prevent intrusions via all Dataflows passing through the Router. | A missing Router will not activate the IPS. |
| Dataflow | Protection | A connection to a Dataflow denotes that the IPS is actively trying to prevent intrusions via the connected Dataflows (given that they are not encrypted). | A missing Dataflow will reduce the time needed to attack through the Dataflow (given that there is no explicit association between the Dataflow and the IPS's Router). |

Attack Steps and Defenses

| Attack Step | Description |
| --- | --- |
| No attack steps | There are no attack steps directly to an IPS in SecuriLang. |

| Defense | Description | Impact | Default |
| --- | --- | --- | --- |
| Enabled | Enabled IPS denotes that it is installed, configured and performs stateful inspection and packet filtering as expected. | An IPS on a Router adds time to compromise all protected (and unencrypted) Dataflows. | On |

