NIPS

NIPS V5.6R10 Policy Matching Mechanism

February 3, 2023 | NSFOCUS

The NIPS policy matching mechanism is blocking first. That is, when traffic is matched against all policies, if one policy is matched whose action is set to block, traffic is blocked. When configuring IPS policies, it is recommended that they should not be overlapped. For example, security zones should not be overlapped, and address objects […]

NIPS V5.6R10 Rule Types

January 6, 2023 | NSFOCUS

NIPS V5.6R10 has five types of rules to detect DDoS attacks, local privilege elevation, information gathering, suspicious network behaviors, and network monitoring events, respectively. They are described as follows. 1. Information gathering Information gathering is the first step of network intrusion. Attackers use various methods to scan and probe target hosts and identify paths to […]

Introduction of RESTful APIs for NIPS Version 5610 and 5611

October 28, 2022 | Adeline Zhang

A RESTful API means that API works in REST standard. RESTful API requires the front end to send requests in one predefined format, so the server only needs to use one unified interface to process. NSFOCUS NIPS can use RESTful API to get the device information or change settings. API tools need to be authorized […]

Description of NIPS Discarding Jumbo Frames in MPLS Traffic by Default

August 25, 2022 | Adeline Zhang

When there is MPLS traffic in the network, there may be jumbo frames whose layer 2 packet including the CRC code has a length greater than 1518 bytes. The NIPS network interface card directly discards these jumbo frames by default, causing network failure. Perform the following check on the client side: 1. Test the client-side […]

NIPS Blocklist Implementation and Whitelist Priority

August 4, 2022 | Adeline Zhang

The blocklist is matched based on the source IP address, destination IP address, or a combination of source and destination IP addresses of a packet. The blocklist works for TCP and UDP transport layer packets. That is to say, after an IP address is added to the blocklist, the ping is successful, but transport layer […]

Is NIPS Capable of Blocking SSH Connections?

July 6, 2022 | Jie Ji

The answer is YES! NSFOCUS NIPS can block SSH connections. You may have similar questions, for example, whether Nmap or sqlmap can be blocked by NIPS. The answer is YES, too! These questions can often be resolved by configuring application control profile. Follow these steps to enable SSH connection blocking: Step 1: Click Objects on […]

Enabling Detection to Traffic Listened on Non-Standard Ports

July 6, 2022 | Jie Ji

By default, NSFOCUS NIPS identifies the protocols and detects attacks on standard ports only. For example, File Transfer Protocol (FTP) operates on ports 20 and 21, Telnet protocol operates on port 23, and HTTP protocol uses port 80. However, the traffic using preceding protocols on non-standard ports will not be identified by NIPS by default, […]