IPS
Definition
An Intrusion Prevention System (IPS) is a network security tool designed to detect and prevent identified threats. It monitors network traffic for suspicious activities and takes automated actions, such as blocking traffic or alerting administrators, to mitigate potential security breaches. An IPS can be deployed as a standalone device or integrated into other network security solutions, providing a proactive defense mechanism against cyber threats.
Secure Settings Example
ips:
  enabled: true
  detection_mode: "inline"
  ruleset:
    - id: 1001
      action: "block"
      description: "Block SQL Injection attempts"
    - id: 1002
      action: "alert"
      description: "Alert on suspicious login attempts"
  logging:
    level: "info"
    output: "/var/log/ips.log"
  update_policy:
    automatic_updates: true
    schedule: "daily"
Insecure Settings Example
ips:
  enabled: false
  detection_mode: "monitor"
  ruleset:
    - id: 1001
      action: "alert"
      description: "Alert on SQL Injection attempts"
  logging:
    level: "debug"
    output: "/dev/null"
  update_policy:
    automatic_updates: false
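The following audit script is an added example, not part of the original page or of any particular IPS product: it checks a configuration with the structure shown in the two examples above against the secure settings and reports each deviation. The `ips` key layout and the dotted setting names in the findings are assumptions taken from those examples; the two configurations are transcribed from them as Python dicts.

```python
"""Audit an IPS configuration against the secure baseline described above."""

# The two configurations below transcribe the page's secure and insecure YAML
# examples as Python dicts, so the audit runs without a YAML library.
SECURE = {"ips": {
    "enabled": True, "detection_mode": "inline",
    "ruleset": [{"id": 1001, "action": "block", "description": "Block SQL Injection attempts"},
                {"id": 1002, "action": "alert", "description": "Alert on suspicious login attempts"}],
    "logging": {"level": "info", "output": "/var/log/ips.log"},
    "update_policy": {"automatic_updates": True, "schedule": "daily"}}}

INSECURE = {"ips": {
    "enabled": False, "detection_mode": "monitor",
    "ruleset": [{"id": 1001, "action": "alert", "description": "Alert on SQL Injection attempts"}],
    "logging": {"level": "debug", "output": "/dev/null"},
    "update_policy": {"automatic_updates": False}}}


def audit_ips_config(config):
    """Return (setting, problem) pairs for every deviation from the baseline.

    An empty list means the configuration matches the secure example.
    """
    ips = config.get("ips", {})
    findings = []
    if ips.get("enabled") is not True:
        findings.append(("ips.enabled", "IPS disabled: no traffic is inspected"))
    # Only an inline deployment sits in the traffic path and can drop packets;
    # monitor mode can observe and alert but never prevent.
    if ips.get("detection_mode") != "inline":
        findings.append(("ips.detection_mode", "not inline: sensor cannot block"))
    if not any(r.get("action") == "block" for r in ips.get("ruleset", [])):
        findings.append(("ips.ruleset", "no blocking rule: device acts as an IDS"))
    log = ips.get("logging", {})
    if log.get("output") in (None, "", "/dev/null"):
        findings.append(("ips.logging.output", "logs discarded: no audit trail"))
    if log.get("level") == "debug":
        findings.append(("ips.logging.level", "debug logging in production is noisy and may record payload data"))
    if ips.get("update_policy", {}).get("automatic_updates") is not True:
        findings.append(("ips.update_policy.automatic_updates", "signatures not updated automatically"))
    return findings


def failing_settings(config):
    """Convenience wrapper: just the dotted names of the settings that failed."""
    return [setting for setting, _ in audit_ips_config(config)]
```

Run against the secure example the audit returns no findings; against the insecure example it reports all six weak settings, including the disabled engine and the discarded log output.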