
Intrusion Prevention policy

Created: 18 Oct 2012 • Updated: 19 Oct 2012 | 5 comments
This issue has been solved. See solution.

What is the role of the Intrusion Prevention policy in SEPM?


Ashish-Sharma's picture

Intrusion Prevention System technology significantly increases the level of protection that Symantec Endpoint Security gives to your network. You should always have IPS enabled on your network.

Intrusion Prevention System technology is strong, effective technology that prevents malicious files from getting to your hard drive in the first place.

Unlike antivirus, which looks for known malicious files, IPS scans the network traffic stream in order to find threats using known exploits and attack vectors. IPS does not detect specific files, but rather specific methods that can be used to get malicious files onto your network. This allows IPS to protect against both known and unknown threats, even before antivirus signatures can be created for them.

Check this link

http://www.symantec.com/business/support/index?page=content&id=TECH95347

About working with Intrusion Prevention Policies

http://www.symantec.com/business/support/index?page=content&id=HOWTO27088

Check this thread

http://www.symantec.com/connect/forums/role-intrusion-prevention-policy

http://www.symantec.com/connect/forums/what-intrusion-prevention-policy

Thanks In Advance

Ashish Sharma

.Brian's picture

IPS simply scans network traffic and looks for vulnerabilities and anomalies with the ability to block it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Sumit G's picture

The Symantec IPS signatures use a stream-based engine that scans multiple packets. Symantec IPS signatures intercept network data at the session layer and capture segments of the messages that are passed back and forth between an application and the network stack.

 

The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The IPS is a network-based system that operates on every computer on which the client is installed and the intrusion prevention system is enabled. If a known attack is detected, one or more intrusion prevention technologies can automatically block it. 

The intrusion prevention system scans each packet that enters and exits computers in the network for attack signatures. Attack signatures are the packet sequences that identify an attacker's attempt to exploit a known operating system or program vulnerability.

If the information matches a known attack, the IPS automatically discards the packet. The IPS can also sever the connection with the computer that sent the data for a specified amount of time. This feature is called active response, and it protects computers on your network from being affected in any way.

The client includes the following types of IPS engines that identify attack signatures.

 

Symantec IPS signatures - The Symantec IPS signatures use a stream-based engine that scans multiple packets. Symantec IPS signatures intercept network data at the session layer and capture segments of the messages that are passed back and forth between an application and the network stack.

Custom IPS signatures - The custom IPS signatures use a packet-based engine that scans each packet individually.

Find the attached article

Best practices regarding Intrusion Prevention System technology
 
http://www.symantec.com/business/support/index?page=content&id=TECH95347
 
Symantec Endpoint Protection Manager - Intrusion Prevention - Policies explained
 
http://www.symantec.com/business/support/index?page=content&id=TECH104434

Regards

Sumit G.
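
The difference between the packet-based and stream-based engines described in the post above, together with active response, can be seen in a small model. This is an added example, not part of the original thread and not Symantec's code: the signature bytes, the sender address, the 600-second block time and all function and class names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed placeholder pattern, not a real Symantec IPS signature.
SIGNATURE = b"EXAMPLE-ATTACK-PATTERN"
BLOCK_SECONDS = 600  # assumed active-response duration


def packet_scan(payload: bytes) -> bool:
    """Packet-based engine: every packet is judged on its own."""
    return SIGNATURE in payload


@dataclass
class StreamScanner:
    """Stream-based engine: remembers the tail of each session so that a
    pattern spanning several packets is still matched."""
    tails: dict = field(default_factory=dict)          # session -> trailing bytes
    blocked_until: dict = field(default_factory=dict)  # sender -> unblock time

    def inspect(self, session: str, sender: str, payload: bytes, now: int) -> str:
        """Return 'drop' or 'pass' for one packet."""
        if self.blocked_until.get(sender, 0) > now:
            return "drop"  # active response still in force for this sender
        window = self.tails.get(session, b"") + payload
        if SIGNATURE in window:
            self.tails.pop(session, None)
            self.blocked_until[sender] = now + BLOCK_SECONDS
            return "drop"
        # Keep only the bytes that could still begin a match.
        self.tails[session] = window[-(len(SIGNATURE) - 1):]
        return "pass"


def demo():
    # Constructed traffic: the pattern straddles two packets of one session.
    packets = [b"GET /a?x=EXAMPLE-ATT", b"ACK-PATTERN HTTP/1.1", b"hello"]
    per_packet = [packet_scan(p) for p in packets]
    scanner = StreamScanner()
    verdicts = [scanner.inspect("s1", "10.0.0.5", p, now=t)
                for t, p in enumerate(packets)]
    # After the block time has elapsed the sender is accepted again.
    later = scanner.inspect("s2", "10.0.0.5", b"hello", now=1 + BLOCK_SECONDS)
    return per_packet, verdicts, later


if __name__ == "__main__":
    print(demo())
```

The per-packet check never fires on this traffic, while the stream scanner drops the packet that completes the pattern and keeps dropping the sender's packets until the block time expires.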

SOLUTION
Chetan Savade's picture

Hi,

IPS is the second level of defence. Data first travels through the firewall rules, then through the IPS, and if everything matches, it then reaches the destination.

It's an additional layer of security.

The intrusion prevention system scans each packet that enters and exits computers in the network for attack signatures. Attack signatures are the packet sequences that identify an attacker's attempt to exploit a known operating system or program vulnerability.

Please check the following article to know more about IPS.

Best practices regarding Intrusion Prevention System technology

http://www.symantec.com/docs/TECH95347

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.