NIPS (Network Intrusion Prevention System) parameters can be set in the Intrusions section (see figure 10.1. The Intrusions section).
Use the Enable NIPS module option to enable/disable the intrusion prevention system.
Kerio Personal Firewall distinguishes between three intrusion types:
High priority intrusions — critical intrusions which might, for example, damage the operating system or cause a data leak.
Medium priority intrusions — intrusions which might, for example, block certain services or cause the network connection to malfunction.
Low priority intrusions — low-danger intrusions (equivocal network activity, protocol errors, invalid data formats, etc.).
Firewall behavior can be set for individual types using the following options:
Action — the firewall's reaction to attacks of a particular type (Permit, Deny).
Generally speaking, it is recommended to deny all High priority and Medium priority intrusions. Do not permit intrusions of these types unless necessary (e.g. for testing). Low priority intrusions are permitted by default, because blocking them might cause certain services to malfunction.
Log to intrusion log — logs all detected intrusions of a particular type into the Intrusions log (see chapter 11. Network Intrusions Prevention System (NIPS)).
Use the button to open a window providing an outline of intrusions of the particular type.
The dialog provides the name or description of the attack (the Attack column) and the class of the intrusion (the Class column). Kerio Personal Firewall uses the Snort type of IDS. For detailed information on individual attacks and attack types, go to the http://www.snort.org/ website.
Port Scanning (detection of open ports on a particular computer) is a special attack type. Such attacks cannot be blocked if any of the user's ports are open (closed ports are blocked automatically); they can only be detected. Use the Log to intrusions log option to enable/disable logging of Port Scanning information to the Intrusions log.