When you create a network where numerous machines are deployed, security is of paramount concern. With host-based IDS/IPS, you can detect attacks from various sources such as IDS/IPS, Port scanning attack, Distributed Denial of Service (DDOS), etc. This detection implements a security layer to all communications and cordons your systems from unwanted intrusions or network attacks.
You can also take actions like blocking the attackers for certain time, disconnecting the infected system from the network, and also send an alert message to the administrator.
The IDS/IPS feature is available only in the clients with Microsoft Windows.
You can create different policies with varying IDS/IPS settings and apply them to the groups so that each has separate policies based on the requirement.
-
Log on to the Seqrite Endpoint Security Web console.
-
Go to Settings > Client Settings > IDS/IPS.
-
Enable one of the following options by selecting the check box:
-
Enable IDS/IPS
-
Detect Port Scanning Attack
On selecting this check box, Customize link is enabled. -
Detect DDOS (Distributed Denial of Service) Attack
On selecting this check box, Customize link is enabled.
-
-
From the following options, select an action to be performed when attack is detected:
- Block Attackers IP for … Minutes.
Enter time here. - Disconnect endpoint from the network (only in case of DDOS and Port Scanning attack).
- Display alert message when attack is detected.
This helps you take an appropriate action when attack is detected.
- Block Attackers IP for … Minutes.
-
To save your settings, click Save Policy.
Customizing Port Scanning
You can customize settings for Detect Port Scanning Attack and Detect DDOS (Distributed Denial of Service) Attack as follows:
- Log on to the Seqrite Endpoint Security Web console.
- Go to Settings > Client Settings > IDS/IPS.
- Select the Detect Port Scanning Attack check box.The Customize link gets enabled.
- Click the Customize link.Settings –Port Scanning dialog appears.
- Select one of the following levels:
- Soft: Detects attack if many ports are scanned.
- Normal: Detects attack if multiple ports are scanned.
- Strict: Detects attack even if a single port is scanned.
- Custom: Helps you customize the attack condition and number of scanned ports exceeds than field.
- To exclude an IP address that you do not want to be scanned, click Add in Excluded IP Addresses section.
- On the Add IP Address screen, type an IP Address or IP range and then click OK.
- To exclude port that you do not want to be scanned, click Add from the Excluded Ports section.
- On the Add Port screen, type a Port or Port range and then click OK.
Customization for Distributed Denial of Service
Further customization settings for Distributed Denial of Service Attack are as follows:
-
Log on to the Seqrite Endpoint Security Web console.
-
Go to Settings > Client Settings > IDS/IPS.
-
Select the Detect DDOS (Distributed Denial of Service) Attack check box.The Customize link gets enabled.
-
Click the Customize link.The Settings – Denial of Service dialog appears.Select one of the following levels:
- Soft: Detects if many attacks occur.
- Normal: Detects if multiple attacks occur.
- Strict: Detects attack even if a single attack occurs.
- Custom: Helps you customize the attack condition and number of attack sources exceeds than the specified limits.
-
To exclude an IP address that you do not want to be scanned, click Add in the Excluded IP Addresses section.
-
On the Add IP Address screen, type an IP Address or IP range and then click OK.
-
To exclude a port that you do not want to be scanned, click Add in the Excluded Ports section.
-
On the Add Port screen, type a port or port range and then click OK.