IPS Management Tips

Enhancing the Recommended Profile

The initial tuning process uses only protections that are included in the Recommended IPS profile. We recommend that you add other protections to the active IPS profile. Make sure that you run the performance-tuning procedure before you enable Prevent mode for a protection.

These are some common additional protections for a profile:

• Application Control - These protections identify and can control specific applications and protocols such as VNC, BitTorrent, Google Talk, and TeamViewer.

  Review Application Control protections, and enable the ones that help protect the network. However, the optimal way to manage how applications are used is with the Check Point Application Control Software Blade.

• DoS (Denial of Service) - There are several protections that look for massive use of Web Server protocols (UDP, HTTP, SSL). They can detect and protect the network from DoS attacks.

  Enable the DoS protections to give additional security to the network. For more about defending the network from DoS attacks, see DDoS Protection on the Security Gateway Best Practices Guide.