The intrusion detection package is included with ClearOS to make users more aware of some of the daily hostile traffic that can pass by your Internet connection. The software is able to detect and report unusual network traffic including attempted break-ins, trojans/viruses on your network, and port scans.
If you did not select this module to be included during the installation process, you must first install the module.
You can find this feature in the menu system at the following location:
<navigation>Gateway|Intrusion Protection|Intrusion Detection</navigation>
The ClearSDN Intrusion Protection Updates service provides weekly signature updates to improve the effectiveness of the intrusion detection system. These signatures are compiled from third party organizations as well as internal engineering resources from ClearCenter. We keep tabs on the latest available updates and fine tune the system so you can focus on more important things.
The intrusion detection system includes a daily report. Do not panic when you see alerts in this daily report. In fact, it would be quite unusual not to see anything reported. Hostile traffic is a normal part of today's Internet and it is one of the reasons firewalls are necessary.
<note warning>Intrusion detection does require some horsepower. If you find your system sluggish, you might want to consider disabling the software.</note>
There are two different types of rules for the intrusion detection system. The Security rules detect issues related to overall system security, while Policy rules detect issues related to your organization's Internet usage policies. For example, the chat policy rules will detect instant messaging traffic that goes through your ClearOS system.