Symantec 360R Administration Guide - Page 115

8 Chapter Preventing attacks This chapter includes the following topics: ■ How intrusion detection and prevention works ■ Setting protection preferences ■ Enabling advanced protection settings The Symantec Gateway Security 300 series appliance provides intrusion detection and prevention services (IDS and IPS). The IDS and IPS functions are enabled by default, and provide atomic packet protection. You may disable IDS and IPS functionality at any time. Note: An atomic IDS and IPS signature is defined as a signature based on a single IP packet. How intrusion detection and prevention works The appliance defends against and logs fragmentation attacks, IP option attacks, buffer overflow attacks, port scans, oversize packet spoof, and flood attacks. Any traffic arriving on the inside or outside the unit with an uncommon set of IP options settings is blocked. IDS/IPS logs events which are identified in the Status screen. WAN-side IDS/IPS logging is enabled by default. If IDS logging is disabled, the appliance still blocks any connection attempt to an unauthorized service for inbound connections. However, when the Trojan horse lookup service is disabled, and only an access denied message is logged. The number of log messages that are tracked depends on the attack type. Unlimited management login attempts are logged. Attack logging is limited to