Looking at the list of Intrusion Prevention attack patterns I am never sure what it is safe to uncheck. A few concerns:
Firstly, the top level of each group presumably display the accumulated totals for the sub groups, so Operating specific attacks totals the Windows, Linux and Others to get the totals, however if I uncheck the three subcategories, it still allows the main category to be checked. Does this indicate that other protection is taking place?
Secondly, if I take another category, for instance Mail servers, the totals at the top level do not reflect the accumulated numbers from the sub levels. Also, if all of my SMTP mail goes through the proxy, should I protect against SMTP attacks, or does the proxy cover this already?
Thirdly, I have database servers internally, however none of these are accessible from the Internet. Do I still need to turn on IPS protection for these?
Fourthly, DNS and FTP are covered with proxies. Same question as in my second point.
Fifthly, Attacks against client software. The only software which has access to the Internet is Browser, and we force all traffic through the proxy? Do I still need to cover this in IPS? We use Outlook, but it has no access to the Internet. Do I need to cover this? Office, what is the scenario I need to provide protection for this?
Finally, Malware. Isn't this already covered by Browser traffic, as in my fifth point?
Any advice on these appreciated. The Astaro support main page doesn't include IPS as a topic. With discussions elsewhere on the Internet I am never sure of the relevance to Astaro.
This thread was automatically locked due to age.
