In-line Intrusion Detection or Intrusion Prevention
Attackers can use network-based techniques to exploit vulnerabilities in your applications, frameworks, and infrastructure. These vulnerabilities can exist in your application, in open-source libraries, or even in the platforms and orchestration layers that they run on.
Successfully exploiting these vulnerabilities can give the attacker access to your data and network. Network Security inspects this traffic to help protect you against a broad range of these network-based attacks.
Rule ID: NS-IPS-001
Risk level: Extreme (not acceptable risk)
Ensure that the Cloud One – Network Security virtual appliance is deployed inline to protect your cloud environment against common exploits such as SQL injection attacks, cross-site scripting (XSS) attacks, and Cross-Site Request Forgery (CSRF) attacks that could affect network availability and performance, compromise data security, or consume excessive resources.
This can help you with the following compliance standards:
Payment Card Industry Data Security Standard (PCI DSS)
This rule can help you apply the AWS Well-Architected Framework for seamless integration of AWS, Network Security, and Cloud One – Conformity.

Audit in-line protection

To determine if in-line intrusion detection or intrusion prevention is enabled, perform the following actions:

  1. From the Network Security management interface, click the Network icon in the navigation panel.

  2. Click the Assets tab.

  3. In the bottom section, the list of all added cloud accounts displays the number of protected assets.


    Example

    Cloud Account A (53 of 53 assets protected)


  4. Refresh the list to see the most current statuses.

If not all of the assets are protected, follow the steps below to enable protection.
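When the audit covers many cloud accounts, the status lines can be checked in bulk. The following is an added example, not part of Network Security or its documentation: it assumes the lines were copied by hand from the Assets tab in the format of the Example above, and the account names other than "Cloud Account A" are constructed.

```python
import re
from dataclasses import dataclass

# Format taken from the Example line on this page:
#   "<account name> (<protected> of <total> assets protected)"
STATUS_RE = re.compile(
    r"^(?P<name>.+?)\s*\((?P<protected>\d+) of (?P<total>\d+) assets protected\)$"
)

@dataclass
class AccountStatus:
    name: str
    protected: int
    total: int

    @property
    def unprotected(self) -> int:
        return self.total - self.protected

def parse_status_lines(text):
    """Return (statuses, rejected); rejected lines need a manual look."""
    statuses, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        # Reject unknown formats and impossible counts (likely a copy error)
        # instead of silently treating the account as protected.
        if not m or int(m["protected"]) > int(m["total"]):
            rejected.append(line)
            continue
        statuses.append(
            AccountStatus(m["name"], int(m["protected"]), int(m["total"]))
        )
    return statuses, rejected

def audit(text):
    """Accounts failing NS-IPS-001 (any unprotected asset), plus rejects."""
    statuses, rejected = parse_status_lines(text)
    return [s for s in statuses if s.unprotected > 0], rejected

# Constructed sample input; only the first line appears on the page.
SAMPLE = """\
Cloud Account A (53 of 53 assets protected)
Cloud Account B (12 of 20 assets protected)
Staging (EU) (0 of 4 assets protected)
Cloud Account C - status unavailable
"""

if __name__ == "__main__":
    failing, rejected = audit(SAMPLE)
    for s in failing:
        print(f"FAIL {s.name}: {s.unprotected} of {s.total} assets unprotected")
    for line in rejected:
        print(f"UNPARSED (check manually): {line}")
```

Lines that do not match the expected format are reported separately rather than counted as compliant, so an account whose status could not be read still gets reviewed.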

Enable in-line protection

To enable in-line intrusion detection or intrusion prevention, perform the following actions:

  1. From the Network Security management interface, click the Network icon in the navigation panel.
  2. Click the Assets tab.
  3. In the bottom section of the page, expand a VPC that contains unprotected assets.
  4. Click Deploy protection and follow the steps in the wizard.
  5. Repeat these steps to deploy protection for all unprotected assets.