What is IPS/IDS?
IPS/IDS stands for Intrusion Prevention System / Intrusion Detection System. These systems evaluate traffic against a set of signatures in order to alert on, and optionally block, potential security issues. Each signature carries a severity rating, and alerts are grouped by the probable severity of the signature that matched.
Suricata
There are several implementations, but we employ Suricata with the Emerging Threats GPL signature set to protect your network. The signatures are updated every day, so newly developed detections are applied to your traffic as threats are discovered. More detail can be found on the Emerging Threats website, along with the specific ruleset in use.
Performance
The Route10 handles all of this detection and prevention onboard the router itself while maintaining 10Gbps throughput for your legitimate traffic.
Enabling IPS/IDS
From the management platform (https://manage.alta.inc), navigate to the site’s main Settings, then Firewall, and finally Intrusion Prevention.
Toggle on the switch for Enable IPS/IDS. Set the Notification Level to the minimum severity for which you want to receive notifications. Block Level is the minimum severity at which matching traffic is blocked rather than only logged. Finally, you may specify which VLANs and associated subnets are subject to IPS monitoring; the default, All, is generally recommended.
Note: Low is not advised, as it may generate superfluous alerts and protective actions for minor threat indicators. Many people would consider these false positives, but feel free to experiment and review according to your network needs.
Monitoring Alerts
Click the notification bell icon next to your site’s name in the top right corner. Here, you will be able to review the alerts generated by the IPS feature. Use the trash bin icon to instruct the Route10 that the associated signature should be allowed instead of blocked. The eye icon affects only the alert entries: it stops logging the matched activity while the traffic continues to be blocked. If you want to undo any of those changes to alerting or blocking, use Reset Ignored Rules on the settings page described above.
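The threshold and override behaviour described in the Enabling and Monitoring sections, as an added example that is not code from Alta or from the Suricata project: it reads Suricata EVE JSON alert records and decides, per alert, whether to notify and whether to block. It assumes that the console's Low/Medium/High levels map onto Suricata's numeric severities 3/2/1, that the trash bin removes only blocking for a signature id while the eye removes only logging, and that the sample records and rule ids are constructed rather than real.

```python
import json

# Suricata EVE JSON records carry a numeric severity: 1 = high, 2 = medium, 3 = low.
# Mapping the console's Low/Medium/High names onto those numbers is an assumption.
LEVEL_TO_SEVERITY = {"High": 1, "Medium": 2, "Low": 3}


def eve_alert(sid, sev, msg, src="203.0.113.7", dst="192.0.2.10"):
    """Build one constructed EVE 'alert' record (documentation addresses, made-up rule ids)."""
    return json.dumps({
        "event_type": "alert", "src_ip": src, "dest_ip": dst, "proto": "TCP",
        "alert": {"signature_id": sid, "rev": 1, "signature": msg, "severity": sev},
    })


# Constructed sample log lines; one non-alert record is included to show it is skipped.
SAMPLE_EVE_LINES = [
    eve_alert(9000001, 1, "CONSTRUCTED high-severity test signature"),
    eve_alert(9000002, 2, "CONSTRUCTED medium-severity test signature"),
    eve_alert(9000003, 3, "CONSTRUCTED low-severity test signature"),
    json.dumps({"event_type": "flow", "src_ip": "192.0.2.10", "dest_ip": "198.51.100.4"}),
]


class IpsPolicy:
    """Models the Notification Level / Block Level thresholds plus per-signature overrides."""

    def __init__(self, notification_level, block_level):
        self.notify_threshold = LEVEL_TO_SEVERITY[notification_level]
        self.block_threshold = LEVEL_TO_SEVERITY[block_level]
        self.allowed_sids = set()   # trash-bin icon: signature allowed instead of blocked
        self.silenced_sids = set()  # eye icon: stop logging, keep blocking

    def allow_signature(self, sid):
        self.allowed_sids.add(sid)

    def silence_signature(self, sid):
        self.silenced_sids.add(sid)

    def reset_ignored_rules(self):
        """Equivalent of 'Reset Ignored Rules': drop every per-signature override."""
        self.allowed_sids.clear()
        self.silenced_sids.clear()

    def evaluate(self, line):
        """Return the decision for one EVE line, or None for non-alert records."""
        record = json.loads(line)
        if record.get("event_type") != "alert":
            return None
        sid = record["alert"]["signature_id"]
        severity = record["alert"]["severity"]
        # Lower numbers are more severe, so "at least this severe" means severity <= threshold.
        notify = severity <= self.notify_threshold and sid not in self.silenced_sids
        block = severity <= self.block_threshold and sid not in self.allowed_sids
        return {"sid": sid, "severity": severity, "src_ip": record["src_ip"],
                "notify": notify, "block": block}


def apply_policy(lines, policy):
    """Run every line through the policy and keep only the alert decisions."""
    decisions = [policy.evaluate(line) for line in lines]
    return [d for d in decisions if d is not None]


if __name__ == "__main__":
    policy = IpsPolicy(notification_level="Medium", block_level="High")
    for decision in apply_policy(SAMPLE_EVE_LINES, policy):
        print(decision)
    # The operator presses the trash bin on sid 9000001 and the eye on sid 9000002.
    policy.allow_signature(9000001)
    policy.silence_signature(9000002)
    for decision in apply_policy(SAMPLE_EVE_LINES, policy):
        print(decision)
```

With Notification Level set to Medium and Block Level to High, the high-severity alert both notifies and blocks, the medium one only notifies, and the low one does neither; setting both levels to Low makes every alert block, which is the behaviour the note above warns about.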