Policy-Based IPS/IDS

This type of traffic matching is driven by the security policy for your network rather than by a signature of a known attack. For example, if your company's security policy states that Telnet must not be used on specific segments of the network (for security reasons: Telnet carries credentials and session data in cleartext), you can create a custom rule that states that if TCP traffic is seen destined to port 23 (the well-known port for Telnet) on a device in the segment where Telnet is not permitted, the IPS generates an alert and drops the packet. If the same rule is configured on an IDS, the sensor can only generate an alert; because the IDS operates in promiscuous mode (it receives a copy of the traffic instead of sitting inline in the forwarding path), it cannot drop the packet on its own. At most, a promiscuous sensor can react after the fact, for example by sending a TCP reset or by requesting that a firewall or router block the source, but the offending packet has already been delivered.
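The following is an added illustration, not code from the cert guide or from any Cisco sensor: a minimal policy-rule engine that evaluates the "no Telnet in this segment" policy described above against constructed packets, and shows how the verdict differs between an inline IPS and a promiscuous IDS. The server segment 10.20.0.0/16, the rule name, and the sample packets are all assumptions made for the example.

```python
"""Policy-based matching: the same rule on an inline IPS and a promiscuous IDS.

Added example (not from the book). The subnet, rule name and packets are
constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple
import ipaddress


class Mode(Enum):
    INLINE = "inline"            # IPS: in the forwarding path, may drop packets
    PROMISCUOUS = "promiscuous"  # IDS: sees a copy of traffic, cannot drop


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class PolicyRule:
    """A policy rule: protocol + destination port, scoped to a destination network.

    The scope matters: the policy forbids Telnet only in the protected segment,
    so Telnet elsewhere in the network must not trigger the rule.
    """
    name: str
    proto: str
    dport: int
    dst_net: ipaddress.IPv4Network

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and pkt.dport == self.dport
                and ipaddress.ip_address(pkt.dst) in self.dst_net)


# Assumed policy: no Telnet (TCP/23) to anything in the server segment.
NO_TELNET_SERVER_SEGMENT = PolicyRule(
    name="no-telnet-server-segment",
    proto="tcp",
    dport=23,
    dst_net=ipaddress.ip_network("10.20.0.0/16"),
)


def evaluate(pkt: Packet, rules: List[PolicyRule], mode: Mode) -> Tuple[str, Optional[str]]:
    """Return (verdict, rule_name).

    verdict is "drop" (alert and drop, inline only), "alert" (promiscuous: the
    sensor can only raise an alert; the packet has already been forwarded), or
    "pass" (no rule matched).
    """
    for rule in rules:
        if rule.matches(pkt):
            if mode is Mode.INLINE:
                return "drop", rule.name
            return "alert", rule.name
    return "pass", None


def inspect(packets: List[Packet], rules: List[PolicyRule], mode: Mode) -> List[str]:
    """Run every packet through the rules and return one log line per packet."""
    lines = []
    for pkt in packets:
        verdict, rule = evaluate(pkt, rules, mode)
        tag = f" rule={rule}" if rule else ""
        lines.append(f"{mode.value}: {pkt.proto}/{pkt.dport} {pkt.src}->{pkt.dst} {verdict}{tag}")
    return lines


if __name__ == "__main__":
    # Constructed sample traffic (not captured data).
    samples = [
        Packet("192.168.1.50", "10.20.5.10", "tcp", 23),   # Telnet into server segment
        Packet("192.168.1.50", "10.20.5.10", "tcp", 22),   # SSH: permitted
        Packet("192.168.1.50", "192.168.1.10", "tcp", 23), # Telnet outside the scope
        Packet("192.168.1.50", "10.20.5.10", "udp", 23),   # UDP/23 is not Telnet
    ]
    for mode in (Mode.INLINE, Mode.PROMISCUOUS):
        for line in inspect(samples, [NO_TELNET_SERVER_SEGMENT], mode):
            print(line)
```

Only the first sample packet matches: inline it is dropped, in promiscuous mode it is merely reported. The other three show why scoping the rule to a protocol, a port and a destination network matters; a rule that keyed on port 23 alone would also fire on UDP/23 and on Telnet in segments where the policy allows it.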

Source: Santos, CCNA Security 210-260 Official Cert Guide.