Intrusion Prevention - Cipafilter Documentation

Manual - Intrusion Prevention

Cipafilter includes an intrusion-prevention system (IPS) which is designed to detect and/or block attempts to probe or break through the device's security.

IPS Whitelist

By default, when the IPS detects suspicious events (such as repeated authentication failures), it temporarily "bans" the associated IP address to prevent it from interacting with the filter or the network it protects.  The IPS Whitelist provides a way to exempt certain subnets from the banning process — IPs matching this list will never be banned, no matter how many suspicious events they generate.  It may be useful to whitelist subnets associated with, for example, remote sites or auditing firms.

To prevent erroneous bans from disrupting the smooth operation of the filter, some IP addresses are automatically whitelisted.  These include all "private network" (RFC 1918) subnets, the filter's own IP addresses, and a small number of subnets associated with Cipafilter services.
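Because whitelisted addresses are never banned, it is worth reviewing proposed entries before saving them. The following is an added example, not Cipafilter code: a standalone Python check that flags entries that are malformed, redundant with the automatic RFC 1918 whitelist, or broader than a review threshold. The threshold, the function names and the sample subnets are assumptions made for illustration, and the filter's own addresses and the Cipafilter service subnets are not modeled.

```python
import ipaddress

# RFC 1918 ranges; the manual states these are whitelisted automatically.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed review policy (not a Cipafilter setting): shortest prefix length
# accepted without extra justification, per IP version.
MIN_PREFIX = {4: 24, 6: 48}

# Constructed sample entries (documentation address ranges), not real sites.
SAMPLE = ["198.51.100.0/24", "192.168.10.0/24", "203.0.113.10/24",
          "203.0.0.0/8", "198.51.100.64/26"]


def audit_whitelist(entries):
    """Return [(entry, finding)] for each proposed IPS whitelist subnet."""
    results, accepted = [], []
    for raw in entries:
        try:
            # strict=True rejects host bits below the mask (a likely typo).
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError:
            results.append((raw, "invalid"))
            continue
        if any(net.version == 4 and net.subnet_of(p) for p in RFC1918):
            finding = "redundant: already auto-whitelisted (RFC 1918)"
        elif net.prefixlen < MIN_PREFIX[net.version]:
            finding = f"too broad: {net.num_addresses} addresses never banned"
        elif any(a.version == net.version and net.subnet_of(a) for a in accepted):
            finding = "covered by an earlier entry"
        else:
            finding = "ok"
            accepted.append(net)
        results.append((raw, finding))
    return results


def is_exempt(ip, entries):
    """True if ip falls in RFC 1918 space or in any entry audited as ok."""
    addr = ipaddress.ip_address(ip)
    ok = [ipaddress.ip_network(e.strip())
          for e, f in audit_whitelist(entries) if f == "ok"]
    return any(addr in net for net in RFC1918 + ok)


if __name__ == "__main__":
    for entry, finding in audit_whitelist(SAMPLE):
        print(f"{entry:20} {finding}")
```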

Administrative Access Control

Administrative Access Control is a security feature related to IPS which prevents hosts coming through the device's public-facing (external) network interfaces from accessing administrative services like SSH and Web management.  A whitelist is provided to exempt trusted subnets from this block — only addresses matching this whitelist will be allowed through when the feature is enabled.  Internal interfaces are not affected.

As with the IPS proper, some subnets, including those associated with Cipafilter services, are automatically whitelisted when this feature is enabled.
