It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Load Balancer ADC

What is IPS, and how does it work on my Barracuda Load Balancer?

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00004160

Scope:
All Barracuda Load Balancers models, firmware versions 3.0 and above.

Answer:
The Barracuda Load Balancer is equipped with an active Intrusion Prevention System. Energize Updates will keep this feature up-to-date with the latest connection-based threats, protecting any load-balanced servers from these common threat types:
  • Virus Propagation - Viruses such as NIMDA and Code Red.
  • Buffer Overflows - A common malicious attempt to gain access.
  • Protocol Specific - Attacks targeted to a specific protocol such as SMTP, DNS, or LDAP.
  • Application Specific - Attacks targeted to a specific application such as IIS, Websphere, Cold Fusion, or Exchange.
  • OS Specific - Attacks against known or published weaknesses in various operating systems. For example, weaknesses in the Microsoft Windows OS may differ than those in a UNIX environment, resulting in different types of malicious activity.
You must Enable Intrusion Prevention on the service by clicking on the Edit icon next to the Virtual IP of the service on the Basic > Services. Choose whether or not the Intrusion Prevention System (IPS) is enabled for the service at the bottom of the pop-up window in the Security section.

Note: IPS is enabled globally by default on the Basic > Intrusion Prevention page and is available for use in any service. You must enable IPS on the service level by editing the service, to actively monitor traffic to the enabled services.

Intrusion Prevention Summary
The table lists the Services that are currently protected by the Intrusion Prevention System (IPS). Allowing the Intrusion Prevention System to focus on only these Services helps the Barracuda Load Balancer to maintain near wire-speed load balancing while providing exploit protection for all publicly-accessible services.

Intrusion Prevention Log
The Intrusion Prevention System (IPS) Log maintains a list of events reported by the Intrusion Prevention System. Click Preferences to set the number of events shown on each page.

The following information is displayed:
  • Date - Date and time of the event.
  • Category - Type of event.
  • Severity - The severity scale ranges from 1 (most severe) to 5 (least severe)
  • Event - A description of the event.
  • Source - Source of the event.
  • Details - Information pertaining to this event, e.g. the IP address of the suspicious intruder.

Click Clear Log to delete all events from the IPS Log. Click Export to export all events to a CSV file.

To filter the list of events by any of the fields in the log:
  1. Click on the Filter drop-down to choose a field.
  2. Enter the pattern that IS or is NOT to be used as the filter. The filter is not case-sensitive.
  3. Click + to specify additional filters.
  4. Click Apply Filter to see the matching results.

To show the unfiltered log, use a filter of None and click Apply Filter.

Additional Notes:
Intrusion Detection System (IDS) -vs- Intrusion Prevention System (IPS)
IPS and IDS are similar conceptually; however, an IDS merely alerts and can become a significant source of incoming messages during an attack.

An IPS, on the other hand, is capable of rejecting a connection before damage is done. This makes it much less noisy in that it does not alert on every attempt, and instead will simply block any malicious activity.

Link to This Page:
https://campus.barracuda.com/solution/50160000000Hm3CAAS