The IPS object is intended to represent an Intrusion Prevention System. It has large similarities with the previously described IDS functionality, but with the additional capability of blocking communication in case of suspicious communication behavior/patterns.
A connection to a Router denotes that the IPS is actively trying to prevent intrusions via all Dataflows passing through the Router.
A missing Router will not activate the IPS.
A connection to a Dataflow denotes that the IPS is actively trying to prevent intrusions via the connected Dataflows (given that it is not encrypted).
A missing Dataflow will reduce the time needed to attack through the Dataflow (given that there is no explicit association between the Dataflow and the IPS’s Router).
No attack steps
There are no attack steps directly to an IPS in SecuriLang.
Enabled IPS denotes that it is installed, configured and performs stateful inspection and packet filtering as expected.
An IPS on a Router adds time to compromise all protected (and unencrypted) Dataflows.
Updated about 1 year ago