Check Point Intrusion Prevention System (IPS)

Check Point Intrusion Prevention System (IPS) complements the Security Gateway firewall: whereas the firewall lets you block traffic based on source, destination and port information, IPS adds another line of defense by analyzing traffic contents to check whether they pose a risk to your network.


IPS protects both clients and servers, and lets you control the network usage of certain applications. The hybrid IPS detection engine provides multiple defense layers, which gives it strong detection and prevention capabilities against known threats and, in many cases, against future attacks as well. It also offers a high degree of deployment and configuration flexibility together with good performance.


In short, an Intrusion Prevention System (IPS), also known as an intrusion detection and prevention system (IDPS), monitors a network for malicious activity or incidents, such as security threats or policy violations, that may occur on that network.


Check Point IPS is available in two deployment methods:

  • IPS Software Blade – integrated with the Check Point Security Gateway to provide another layer of security in addition to the Check Point firewall technology.
  • IPS-1 Sensor – installed without the Check Point Firewall and dedicated to protecting network segments against intrusion.

Layers of Protection:

The layers of the IPS engine include:

  • Detection and prevention of specific known exploits.
  • Detection and prevention of vulnerabilities, including both known and unknown exploit tools, for example protection from specific CVEs.
  • Detection and prevention of protocol misuse, which in many cases indicates malicious activity or a potential threat. Examples of commonly manipulated protocols are HTTP, SMTP, POP, and IMAP.
  • Detection and prevention of outbound malware communications.
  • Detection and prevention of tunneling attempts. These attempts may indicate data leakage or attempts to circumvent other security measures such as web filtering.
  • Detection, prevention or restriction of certain applications which, in many cases, are bandwidth consuming or may cause security threats to the network, such as Peer to Peer and Instant Messaging applications.
  • Detection and prevention of generic attack types without any pre-defined signatures, such as Malicious Code Protector.
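To make the idea of layered inspection concrete, the following Python script is an added illustration (not Check Point code, and not a description of how the IPS engine is implemented internally). It passes constructed traffic records through a chain of checks that mirror four of the layers above: a known-exploit signature match, protocol-misuse checks for HTTP and SMTP, a tunneling heuristic for DNS query names, and an application-control list. The signature string, the restricted-application list, the entropy and length thresholds and every sample record are assumptions made up for the example; the first layer that fires decides the verdict, which is how a reader can see that a malformed request is caught even when no signature exists for it.

```python
"""Toy multi-layer inspection pipeline modelled on the IPS layers listed above.

Added example, not Check Point code. All records, signatures and thresholds are
constructed for illustration only.
"""
import math
import re

# Constructed "known exploit" signature: a literal marker string, not a real pattern.
EXPLOIT_SIGNATURES = ["EXAMPLE-EXPLOIT-MARKER"]

HTTP_REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]$")
SMTP_COMMANDS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "QUIT", "RSET", "NOOP", "STARTTLS", "AUTH"}
RESTRICTED_APPS = {"bittorrent", "irc"}   # constructed application-control list
MAX_HEADER_LINE = 4096                    # assumed limit for one HTTP header line
MAX_DNS_LABEL = 63                        # RFC 1035 label limit
ENTROPY_THRESHOLD = 4.0                   # assumed bits/char above which a label looks encoded
MIN_SUSPECT_LABEL = 30                    # assumed minimum label length for the entropy check


def shannon_entropy(s: str) -> float:
    """Bits per character of a string; high values suggest encoded data in a name."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def layer_exploit_signature(proto, payload):
    """Layer 1: literal match against known-exploit signatures."""
    for sig in EXPLOIT_SIGNATURES:
        if sig in payload:
            return f"matched signature {sig!r}"
    return None


def layer_protocol_misuse(proto, payload):
    """Layer 2: does the payload obey the protocol it claims to be?"""
    lines = payload.split("\r\n")
    if proto == "http":
        if not HTTP_REQUEST_LINE.match(lines[0]):
            return f"malformed HTTP request line {lines[0]!r}"
        if any(len(line) > MAX_HEADER_LINE for line in lines[1:]):
            return "oversized HTTP header line"
    elif proto == "smtp":
        verb = lines[0].split(" ", 1)[0].upper()
        if verb not in SMTP_COMMANDS:
            return f"unknown SMTP command {verb!r}"
    return None


def layer_tunneling(proto, payload):
    """Layer 3: crude DNS-tunneling heuristic on the first query label."""
    if proto != "dns":
        return None
    first = payload.split(".")[0]
    if len(first) > MAX_DNS_LABEL:
        return "DNS label exceeds 63 octets"
    if len(first) >= MIN_SUSPECT_LABEL and shannon_entropy(first) > ENTROPY_THRESHOLD:
        return f"high-entropy DNS label ({shannon_entropy(first):.2f} bits/char)"
    return None


def layer_application_control(proto, payload):
    """Layer 4: restrict applications the policy does not want on the network."""
    if proto in RESTRICTED_APPS:
        return f"restricted application {proto}"
    return None


LAYERS = [
    ("exploit-signature", layer_exploit_signature),
    ("protocol-misuse", layer_protocol_misuse),
    ("tunneling", layer_tunneling),
    ("application-control", layer_application_control),
]


def inspect(proto: str, payload: str):
    """Run one record through every layer in order; the first layer that fires wins."""
    for name, check in LAYERS:
        reason = check(proto, payload)
        if reason:
            return ("prevent", name, reason)
    return ("allow", None, None)


# Constructed sample records (protocol label, payload); not real captures.
SAMPLE_RECORDS = [
    ("http", "GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("http", "GET /?q=EXAMPLE-EXPLOIT-MARKER HTTP/1.1\r\n\r\n"),
    ("http", "GIT / HTTP/1.1\r\n\r\n"),
    ("smtp", "XFOO bar"),
    ("dns", "www.example.com"),
    ("dns", "abcdefghijklmnopqrstuvwxyz012345.tunnel.example"),
    ("bittorrent", ""),
]

if __name__ == "__main__":
    for proto, payload in SAMPLE_RECORDS:
        verdict, layer, reason = inspect(proto, payload)
        print(f"{proto:<10} {verdict:<8} {layer or '-':<20} {reason or ''}")
```

Running the script prints one line per record; only the first HTTP request and the plain DNS lookup come back as `allow`. The ordering matters: the record carrying the constructed marker is stopped by the signature layer before the protocol checks run, while the `GIT` request, which no signature covers, is still caught by the protocol-misuse layer. That is the practical point of stacking layers: each one catches a class of traffic the others would pass.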