2.2. IPS/IDS
2.2.1. Overview
2.2.3. Features
Feature | Overview |
IPS/IDS | A feature that detects and/or blocks unauthorized access and cyber-attacks on the VM. |
Mode | Overview |
IPS | Unauthorized access and cyber-attacks are detected. When they are detected, traffic is blocked. |
IDS | Unauthorized access and cyber-attacks are detected, but traffic is not blocked when they are detected. |
- Maximum traffic volume: 200 Mbps in total across both directions, per service
- Maximum simultaneous connections: 40,000 sessions/service
2.2.3. Restrictions
Restrictions relating to IP addresses
- In order to connect the SIGs with IPS/IDS, you must have two IP address blocks available. If the IP address block is already being used, NTT Com Group might ask you to change it.
- NTT Com Group will manage the assigned IP address blocks, and assign IP addresses to the devices that require them.
- If you perform Ping monitoring on the VM, you will require an additional Server Segment for direct connection between vFW/INA and the VM.
- Do not connect the target server segments directly to the vFW/INA.
When the actual traffic volume exceeds the contracted traffic volume, the excess traffic might be discarded.
Encrypted communications are not subject to detection or blocking.
- Packets that break TCP/UDP/IP protocol rules, and other abnormal packets, are discarded as a standard function regardless of the customer's configuration. (Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal, and others
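The kind of protocol-sanity check listed in the examples above, as an added Python illustration that is not NTT Com Group's code or the device's actual rule set. The function names, the sample packets and the set of flag combinations treated as abnormal (no flags, SYN+FIN, SYN+RST, FIN without ACK) are assumptions made for this example; the page does not list the device's own.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP flag bits

def abnormal_tcp_flags(flags: int) -> bool:
    """Assumed set of invalid combinations; the page does not list the device's own."""
    f = flags & 0x3F
    return bool(f == 0                         # no flags at all
                or (f & SYN and f & FIN)       # open and close at once
                or (f & SYN and f & RST)       # open and reset at once
                or (f & FIN and not f & ACK))  # FIN without ACK

def check_packet(pkt: bytes) -> list:
    """Return the reasons a raw IPv4 packet looks abnormal (empty list = passes)."""
    if len(pkt) < 20:
        return ["IP header truncated"]
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20:
        return ["invalid IP version or header length"]
    if len(pkt) < ihl:
        return ["IP header truncated"]
    proto = pkt[9]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto not in (6, 17) or frag_offset:
        return []  # not TCP/UDP, or a later fragment with no L4 header
    l4 = pkt[ihl:]
    if len(l4) < (20 if proto == 6 else 8):
        return ["TCP/UDP header truncated"]
    reasons = []
    sport, dport = struct.unpack("!HH", l4[:4])
    if sport == 0 or dport == 0:  # assumption: either port being 0 counts
        reasons.append("port number is 0")
    if proto == 6 and abnormal_tcp_flags(l4[13]):
        reasons.append("abnormal TCP flag combination")
    return reasons

def build(proto: int, sport: int, dport: int, flags: int = 0) -> bytes:
    """Constructed sample packet for the demo (checksums left at zero)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + l4

if __name__ == "__main__":
    for p in (build(6, 40000, 443, SYN), build(6, 40000, 443, SYN | FIN), build(17, 0, 53)):
        print(check_packet(p) or "pass")
```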
If devices making up this feature are replaced due to malfunction etc., you will not be able to check device logs or event reports from before the replacement via Security Web Portal. In addition, if the active server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the logs or event reports for the period during which the switching occurred from Security Web Portal.
No guarantee is given that the IPS/IDS feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the unauthorized/attack traffic detection algorithms provided by the developers or distributors of the devices making up the IPS/IDS feature is not guaranteed.
The following information might be provided to the developers or distributors of the devices making up the IPS/IDS feature.
- Configuration information obtained from providing IPS/IDS
- Information concerning controls etc. for IPS/IDS
NTT Com Group cannot guarantee recovery from failures that might occur due to incompatibility between IPS/IDS and your environment, or failures that occur due to your operations other than those specified by NTT Com Group.