The Intrusion Detection app is included with ClearOS to make users more aware of some of the daily hostile traffic that can pass by your Internet connection. The software is able to detect and report unusual network traffic including attempted break-ins, trojans/viruses on your network, and port scans.
If your system does not have this app available, you can install it via the Marketplace.
You can find this feature in the menu system at the following location:
<navigation>Gateway|Intrusion Protection|Intrusion Detection</navigation>
The ClearCenter Intrusion Protection Updates service is strongly recommended for deploying an effective intrusion protection system. These signatures are compiled from third-party organizations as well as internal engineering resources from ClearCenter. We keep tabs on the latest available updates and fine-tune the system so you can focus on more important things.
The Intrusion Protection Updates app:
There are two different types of rules for the intrusion detection system. The Security rules detect issues related to overall system security, while Policy rules detect issues related to your organization's Internet usage policies. For example, the chat policy rules will detect instant messaging traffic that goes through your ClearOS system.
A security ID (SID) is referenced in various parts of the intrusion detection and prevention systems. These IDs reference individual signatures and come from various sources including SourceFire and Emerging Threats. The following table provides information on the most common signatures detected by the Intrusion Prevention System:
|SSH brute force attack
|FTP brute force attack
|POP3 brute force attack
|Scan detected via telnet attempt
If you would like more information on a particular ID, use the SourceFire Snort ID Search for some of the signatures available in ClearOS. If you are familiar with the command line, you can also find information on signatures by searching the files in /etc/snort.d/rules/clearcenter.
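One way to do the command-line search described above, as an added example that is not part of the ClearOS documentation or code: a shell function that finds the rule for a given SID and prints its message, classification, and whether the rule is enabled. It assumes the files use standard Snort rule syntax (the msg, classtype and sid options) and that disabled rules are commented out with a leading #; the function name sid_lookup is hypothetical.

```shell
# Added example (not ClearOS code). sid_lookup is a hypothetical helper name.
# The default directory is the path given on this page.
RULES_DIR="${RULES_DIR:-/etc/snort.d/rules/clearcenter}"

sid_lookup() {
    sid="$1"
    dir="${2:-$RULES_DIR}"
    case "$sid" in
        ''|*[!0-9]*)
            echo "usage: sid_lookup <numeric SID> [rules dir]" >&2
            return 2 ;;
    esac
    # Anchor on "sid:<n>;" so a lookup for 9000001 does not also hit 90000010.
    pattern="[;([:space:]]sid:[[:space:]]*${sid}[[:space:]]*;"
    matches=$(grep -rHE "$pattern" "$dir" 2>/dev/null) || {
        echo "SID $sid not found in $dir" >&2
        return 1
    }
    printf '%s\n' "$matches" | while IFS= read -r line; do
        file=${line%%:*}     # grep -H prefixes each hit with "<file>:"
        rule=${line#*:}
        # Assumption: disabled rules are commented out with a leading '#'.
        case "$rule" in
            \#*) state=disabled ;;
            *)   state=enabled ;;
        esac
        msg=$(printf '%s\n' "$rule" | sed -n 's/.*msg:[[:space:]]*"\([^"]*\)".*/\1/p')
        class=$(printf '%s\n' "$rule" | sed -n 's/.*classtype:[[:space:]]*\([^;]*\);.*/\1/p')
        printf 'sid=%s state=%s file=%s\n  msg: %s\n  classtype: %s\n' \
            "$sid" "$state" "$file" "$msg" "${class:-n/a}"
    done
}
```

After sourcing the file, call it as sid_lookup followed by the SID shown in an alert; a second argument overrides the rules directory.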